GCP 2 tier web Server with AWS - GCP002

Posted on Fri 07 June 2019 in quiz


Your website consists of two tiers: the frontend is in GCP, and the backend is in AWS. It seems your frontend server is not able to communicate with the backend server.

In this quiz, you can assume everything in AWS is set up correctly. Spot the misconfiguration in GCP.


VPC

vpc

VPC > Firewall

vpc-firewall

VPC > Routes

vpc-routes

VPC > External IP

vpc-externalip

VPN > Tunnel

vpn-tunnel

VPN > Gateway

vpn-gateway

Compute Instances

compute-instance


terraform configuration file Download Terraform output


Answer
No route is configured to use the VPN.

There are two ways to connect GCP over an internet VPN:
    - One is to use Classic VPN
    - The other is to use VPN along with Cloud Router
The biggest difference between the two is redundancy: the former has none, while the latter does.
In this quiz, I start with the simplest one.
When you set up Classic VPN, you can choose one of three ways to configure routing:
    - Dynamic routing (BGP) ... automatically learns the remote network
    - Route-based ... specify the remote network
    - Policy-based ... specify both the local network and the remote network
If you have used any on-premises router, this should be quite familiar.
Here, I used policy-based routing. Hence I need to add a static route, as this option does not dynamically update the route table.

I added a static route whose destination is a subnet in AWS and whose next hop is the VPN connection in GCP.
answer-route
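
The missing-route condition from the answer can be checked mechanically. The following is an added example, not code from the original post: it compares each tunnel's remote traffic selector against the VPC routes and reports selectors that no route sends into the tunnel. The project name, tunnel name and CIDRs are constructed, and the function `unrouted_selectors` is hypothetical; the field names follow the Compute Engine JSON for routes and VPN tunnels.

```python
import ipaddress

# Constructed sample data, shaped like the JSON printed by
# `gcloud compute vpn-tunnels list --format=json` and
# `gcloud compute routes list --format=json`. All names and CIDRs are made up.
BASE = "https://www.googleapis.com/compute/v1/projects/example-project"
TUNNEL_URL = BASE + "/regions/us-central1/vpnTunnels/tunnel-to-aws"
TUNNELS = [{
    "name": "tunnel-to-aws",
    "selfLink": TUNNEL_URL,
    "remoteTrafficSelector": ["172.31.0.0/16"],  # assumed AWS subnet
}]
ROUTES_BROKEN = [
    {"name": "default-internet", "destRange": "0.0.0.0/0",
     "nextHopGateway": BASE + "/global/gateways/default-internet-gateway"},
    {"name": "frontend-subnet", "destRange": "10.128.0.0/20",
     "nextHopNetwork": BASE + "/global/networks/example-vpc"},
]
ROUTES_FIXED = ROUTES_BROKEN + [
    {"name": "to-aws", "destRange": "172.31.0.0/16",
     "nextHopVpnTunnel": TUNNEL_URL},
]


def unrouted_selectors(tunnels, routes):
    """Return (tunnel, CIDR) pairs that no route sends into that tunnel.

    Assumes one VPC and policy-based tunnels; a selector counts as routed
    only when a single route through the tunnel contains all of it.
    """
    missing = []
    for tunnel in tunnels:
        via_tunnel = [ipaddress.ip_network(r["destRange"]) for r in routes
                      if r.get("nextHopVpnTunnel") == tunnel["selfLink"]]
        for cidr in tunnel.get("remoteTrafficSelector", []):
            net = ipaddress.ip_network(cidr)
            if not any(d.version == net.version and net.subnet_of(d)
                       for d in via_tunnel):
                missing.append((tunnel["name"], cidr))
    return missing


if __name__ == "__main__":
    print("before fix:", unrouted_selectors(TUNNELS, ROUTES_BROKEN))
    print("after fix: ", unrouted_selectors(TUNNELS, ROUTES_FIXED))
```

In the broken route table the only match for the AWS subnet is the default route to the internet gateway, so backend-bound traffic never enters the tunnel.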