- Configure org policies
- Restrict allowed IAM domains
- Disable key download
- Disable default network
- Disable external IP
- Require shielded VM
- Prepare for VPC service controls (data protection)
```bash
#!/usr/bin/env bash
#####################################################################
# REFERENCES
# - https://cloud.google.com/architecture/build-ha-vpn-connections-google-cloud-aws
# - https://cloud.google.com/vpc/docs/private-service-connect
#####################################################################
export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_USER=$(gcloud config get-value core/account) # set current user
```
```bash
#!/usr/bin/env bash
#####################################################################
# REFERENCES
# - https://cloud.google.com/sdk/gcloud/reference/compute/networks/create
# - https://cloud.google.com/sdk/gcloud/reference/compute/networks/subnets/create
# - https://cloud.google.com/vpc/docs/configure-private-google-access
# - https://cloud.google.com/network-connectivity/docs/router/how-to/create-router-vpc-network#gcloud
# - https://cloud.google.com/nat/docs/set-up-manage-network-address-translation
# - https://cloud.google.com/nat/docs/using-nat-rules
```
```bash
#!/usr/bin/env bash
#####################################################################
# REFERENCES
# - https://cloud.google.com/run/docs/securing/private-networking#from-other-services
# - https://cloud.google.com/run/docs/securing/private-networking#from-vpc
# - https://cloud.google.com/appengine/docs/flexible/disable-external-ip
# - https://cloud.google.com/dns/docs/records#adding_or_removing_a_record
# - https://cloud.google.com/vpc/docs/configure-private-google-access
# - https://cloud.google.com/run/docs/quickstarts/build-and-deploy/deploy-go-service
```
```bash
#!/usr/bin/env bash
#####################################################################
# REFERENCES
# - https://cloud.google.com/run/docs/multiple-regions
# - https://cloud.google.com/compute/docs/instance-groups/distributing-instances-with-regional-instance-groups
# - https://cloud.google.com/load-balancing/docs/https/setup-global-ext-https-compute
# - https://cloud.google.com/load-balancing/docs/backend-service#named_ports
#####################################################################
```
```bash
#!/usr/bin/env bash
#####################################################################
# REFERENCES
# - https://cloud.google.com/kubernetes-engine/docs/concepts/gateway-api
# - https://cloud.google.com/kubernetes-engine/docs/how-to/container-native-load-balancing
# - https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/
# - https://cloud.google.com/gemini/docs/quickstart
# - https://cloud.google.com/kubernetes-engine/docs/best-practices/rbac
# - https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#group_authentication
```
```bash
#!/usr/bin/env bash
#####################################################################
# REFERENCES
# - https://cloud.google.com/secure-web-proxy/docs/initial-setup-steps
# - https://cloud.google.com/certificate-manager/docs/deploy-google-managed-regional
# - https://cloud.google.com/secure-web-proxy/docs/quickstart
# - https://cloud.google.com/secure-web-proxy/docs/enable-tls-inspection (OPTIONAL)
#####################################################################
```
```bash
#!/usr/bin/env bash
#####################################################################
# REFERENCES
# - https://cloud.google.com/armor/docs/integrating-cloud-armor#with_ingress
# - https://cloud.google.com/armor/docs/configure-security-policies
# - https://stackoverflow.com/questions/63841501/how-to-block-multiple-countries-with-one-expression-in-google-cloud-armor
# - https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
# - https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#create_backendconfig
# - Optional: cloud.google.com/neg: '{"ingress": true}' and ClusterIP (vs NodePort)
```
```bash
#!/usr/bin/env bash
#####################################################################
# REFERENCES
# - https://cloud.google.com/armor/docs/managed-protection-using#gcloud
# - https://cloud.google.com/armor/docs/advanced-network-ddos
# - https://cloud.google.com/armor/docs/configure-adaptive-protection
# - https://cloud.google.com/armor/docs/adaptive-protection-auto-deploy
#####################################################################
```
```bash
#!/usr/bin/env bash
# reference: https://www.youtube.com/watch?v=lG7Uxts9SXs (some code was deprecated so fix along way)
# create folder
mkdir youtube-assistant
cd youtube-assistant
# set up virtual env
python3 -m venv .venv
```