GCP 2 tier web Server with AWS - GCP003

Posted on Fri 07 June 2019 in quiz


Your website is made up of two tiers: the frontend in GCP, and the backend in AWS. It seems your frontend server is not able to communicate with the backend server.

In this quiz, you can assume everything in AWS is set up correctly. Spot the misconfiguration in GCP.


VPC

(screenshot: vpc)

VPC > Firewall

(screenshot: vpc-firewall)

VPC > Routes

(screenshot: vpc-routes)

VPC > External IP

(screenshot: vpc-eip)

VPN > Tunnel

(screenshot: vpn-tunnel)

VPN > Gateway

(screenshot: vpn-gateway)

Compute Instances

(screenshot: compute-instance)


Downloads: Terraform configuration file, Terraform output


Answer

The policy route is configured wrongly in the VPN tunnel.

I used Classic VPN with policy-based routing:

- Policy-based ... specify both the local network and the remote network.

In this quiz, as you can see in "VPN > Tunnel", this tunnel is used only when the traffic is:

- from 172.16.0.0/24 and going to 10.0.0.0/24.

This is not the communication we are expecting. The frontend-server-to-backend-server communication goes from 10.0.0.0/24 to 172.16.0.0/24.

To fix this, the VPN tunnel needs to be re-created, because this policy cannot be changed on the fly.

(screenshot: answer-vpn)
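As an added example (not part of the original post or its Terraform files), here is a small Python model of a policy-based tunnel's traffic selectors. It shows why the quiz tunnel never carries frontend-to-backend traffic and flags the swapped selectors the way a config audit would. The `PolicyTunnel` class, `audit_tunnel` function, tunnel names and sample IPs are constructed for this example; the two selector fields are named after the `local_traffic_selector` and `remote_traffic_selector` attributes of a GCP Classic VPN tunnel.

```python
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass
class PolicyTunnel:
    """Constructed model of a Classic VPN tunnel with policy-based routing.

    The two selector fields mirror local_traffic_selector / remote_traffic_selector:
    a packet is steered into the tunnel only when its source falls inside a local
    selector AND its destination falls inside a remote selector.
    """
    name: str
    local_traffic_selector: List[str]
    remote_traffic_selector: List[str]

    def selects(self, src_ip: str, dst_ip: str) -> bool:
        """True if a packet from src_ip to dst_ip would be sent through this tunnel."""
        src = ipaddress.ip_address(src_ip)
        dst = ipaddress.ip_address(dst_ip)
        in_local = any(src in ipaddress.ip_network(c) for c in self.local_traffic_selector)
        in_remote = any(dst in ipaddress.ip_network(c) for c in self.remote_traffic_selector)
        return in_local and in_remote


def audit_tunnel(tunnel: PolicyTunnel, gcp_cidr: str, aws_cidr: str) -> List[str]:
    """Check that the selectors cover the GCP -> AWS flow; return a list of findings.

    An empty list means the tunnel is configured for the expected direction.
    """
    gcp_net = ipaddress.ip_network(gcp_cidr)
    aws_net = ipaddress.ip_network(aws_cidr)
    local = [ipaddress.ip_network(c) for c in tunnel.local_traffic_selector]
    remote = [ipaddress.ip_network(c) for c in tunnel.remote_traffic_selector]

    findings = []
    if not any(gcp_net.subnet_of(n) for n in local):
        findings.append(f"{tunnel.name}: local selector {tunnel.local_traffic_selector} "
                        f"does not cover the GCP subnet {gcp_cidr}")
    if not any(aws_net.subnet_of(n) for n in remote):
        findings.append(f"{tunnel.name}: remote selector {tunnel.remote_traffic_selector} "
                        f"does not cover the AWS subnet {aws_cidr}")
    # The mistake in the quiz: the GCP side is listed as remote and the AWS side as local.
    # Selectors cannot be edited on an existing tunnel, so the fix is to recreate it.
    if any(aws_net.subnet_of(n) for n in local) and any(gcp_net.subnet_of(n) for n in remote):
        findings.append(f"{tunnel.name}: local and remote traffic selectors appear swapped; "
                        "recreate the tunnel with the GCP subnet as local and the AWS subnet as remote")
    return findings


# Subnets from the quiz: frontend in GCP, backend in AWS.
GCP_FRONTEND = "10.0.0.0/24"
AWS_BACKEND = "172.16.0.0/24"

# Constructed tunnels: the first reproduces the quiz misconfiguration (selectors reversed),
# the second is the corrected tunnel.
BROKEN = PolicyTunnel("vpn-tunnel-broken", ["172.16.0.0/24"], ["10.0.0.0/24"])
FIXED = PolicyTunnel("vpn-tunnel-fixed", ["10.0.0.0/24"], ["172.16.0.0/24"])

if __name__ == "__main__":
    for tunnel in (BROKEN, FIXED):
        print(tunnel.name, "carries frontend->backend:",
              tunnel.selects("10.0.0.10", "172.16.0.10"))
        for finding in audit_tunnel(tunnel, GCP_FRONTEND, AWS_BACKEND):
            print("  ", finding)
```

Running the script reports that `vpn-tunnel-broken` does not select a frontend-to-backend packet and raises three findings (uncovered GCP subnet, uncovered AWS subnet, swapped selectors), while `vpn-tunnel-fixed` selects the packet and passes the audit cleanly. The same check can be run over the selector lists exported from Terraform state before a tunnel is applied, which catches this class of mistake without a rebuild.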