- Configure org policies
- Restrict allowed IAM domains
- Disable key download
- Disable default network
- Disable external IP
- Require shielded VM
- Prepare for VPC service controls (data protection)
Mike Sparr mikesparr
mikesparr
/ gcp-aws-site-to-site-vpn.sh
Last active
April 21, 2024 13:49
Example site to site VPN between Google Cloud Platform (GCP) and Amazon Web Services (AWS)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ##################################################################### | |
| # REFERENCES | |
| # - https://cloud.google.com/architecture/build-ha-vpn-connections-google-cloud-aws | |
| # - https://cloud.google.com/vpc/docs/private-service-connect | |
| ##################################################################### | |
| export PROJECT_ID=$(gcloud config get-value project) | |
| export PROJECT_USER=$(gcloud config get-value core/account) # set current user |
mikesparr
/ cloud-run-nat-serial.sh
Last active
April 18, 2024 03:43
Experiment on Google Cloud with Cloud Run, Cloud NAT, Private Google Access, and Secure Web Proxy with NAT only for external requests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ##################################################################### | |
| # REFERENCES | |
| # - https://cloud.google.com/sdk/gcloud/reference/compute/networks/create | |
| # - https://cloud.google.com/sdk/gcloud/reference/compute/networks/subnets/create | |
| # - https://cloud.google.com/vpc/docs/configure-private-google-access | |
| # - https://cloud.google.com/network-connectivity/docs/router/how-to/create-router-vpc-network#gcloud | |
| # - https://cloud.google.com/nat/docs/set-up-manage-network-address-translation | |
| # - https://cloud.google.com/nat/docs/using-nat-rules |
mikesparr
/ gcp-gae-cr-private.sh
Last active
April 15, 2024 21:18
Example Google Cloud Platform (GCP) serverless apps communicating via private network
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ##################################################################### | |
| # REFERENCES | |
| # - https://cloud.google.com/run/docs/securing/private-networking#from-other-services | |
| # - https://cloud.google.com/run/docs/securing/private-networking#from-vpc | |
| # - https://cloud.google.com/appengine/docs/flexible/disable-external-ip | |
| # - https://cloud.google.com/dns/docs/records#adding_or_removing_a_record | |
| # - https://cloud.google.com/vpc/docs/configure-private-google-access | |
| # - https://cloud.google.com/run/docs/quickstarts/build-and-deploy/deploy-go-service |
mikesparr
/ gcp-global-lb-multi-region-cr-ce.sh
Last active
April 12, 2024 04:26
Demonstrating how you can deploy Cloud Run (serverless) or Compute Engine instance groups across regions and balance with global load balancer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ##################################################################### | |
| # REFERENCES | |
| # - https://cloud.google.com/run/docs/multiple-regions | |
| # - https://cloud.google.com/compute/docs/instance-groups/distributing-instances-with-regional-instance-groups | |
| # - https://cloud.google.com/load-balancing/docs/https/setup-global-ext-https-compute | |
| # - https://cloud.google.com/load-balancing/docs/backend-service#named_ports | |
| ##################################################################### |
mikesparr
/ cloud-next-24-demo.sh
Last active
April 8, 2024 03:57
Snippets from my Cloud Next '24 demo talk "Hello Gateway, Goodbye Ingress" in Las Vegas April 9, 2024
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ##################################################################### | |
| # REFERENCES | |
| # - https://cloud.google.com/kubernetes-engine/docs/concepts/gateway-api | |
| # - https://cloud.google.com/kubernetes-engine/docs/how-to/container-native-load-balancing | |
| # - https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/ | |
| # - https://cloud.google.com/gemini/docs/quickstart | |
| # - https://cloud.google.com/kubernetes-engine/docs/best-practices/rbac | |
| # - https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#group_authentication |
mikesparr
/ gcp-secure-web-proxy-1.sh
Created
March 29, 2024 18:35
Experiment using Google Cloud Secure Web Proxy and Cloud NAT
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ##################################################################### | |
| # REFERENCES | |
| # - https://cloud.google.com/secure-web-proxy/docs/initial-setup-steps | |
| # - https://cloud.google.com/certificate-manager/docs/deploy-google-managed-regional | |
| # - https://cloud.google.com/secure-web-proxy/docs/quickstart | |
| # - https://cloud.google.com/secure-web-proxy/docs/enable-tls-inspection (OPTIONAL) | |
| ##################################################################### |
mikesparr
/ gke-cloud-armor.sh
Created
June 16, 2022 00:57
Example Google Kubernetes Engine (GKE) app with Managed Certificate and Cloud Armor rate limiting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ##################################################################### | |
| # REFERENCES | |
| # - https://cloud.google.com/armor/docs/integrating-cloud-armor#with_ingress | |
| # - https://cloud.google.com/armor/docs/configure-security-policies | |
| # - https://stackoverflow.com/questions/63841501/how-to-block-multiple-countries-with-one-expression-in-google-cloud-armor | |
| # - https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs | |
| # - https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#create_backendconfig | |
| # - Optional: cloud.google.com/neg: '{"ingress": true}' and ClusterIP (vs NodePort) |
mikesparr
/ secure-gcp-checklist.md
Created
January 11, 2021 02:37
Secure Google Cloud Platform Checklist
mikesparr
/ advanced-ddos-gcp.sh
Last active
March 6, 2024 22:24
Cheat sheet for enabling advanced DDoS protection on Google Cloud
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ##################################################################### | |
| # REFERENCES | |
| # - https://cloud.google.com/armor/docs/managed-protection-using#gcloud | |
| # - https://cloud.google.com/armor/docs/advanced-network-ddos | |
| # - https://cloud.google.com/armor/docs/configure-adaptive-protection | |
| # - https://cloud.google.com/armor/docs/adaptive-protection-auto-deploy | |
| ##################################################################### |
mikesparr
/ 01_setup.sh
Created
March 6, 2024 20:25
Experiment using Langchain, OpenAI and Streamlit, along with FAISS for CPU vector store, that analyzes YouTube transcripts and answers questions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # reference: https://www.youtube.com/watch?v=lG7Uxts9SXs (some code was deprecated so fix along way) | |
| # create folder | |
| mkdir youtube-assistant | |
| cd youtube-assistant | |
| # set up virtual env | |
| python3 -m venv .venv |
NewerOlder