Guided Lab: Setting Up a Linux Bastion Host on GCP

Description

Bastion hosts provide an external point of entry into a Virtual Private Cloud (VPC) network that contains VMs that don’t have external IP addresses. When using a bastion host, connect to the bastion host first, and then connect to the target VM.

This lab demonstrates how to securely access private instances in Google Cloud using a bastion host. You’ll create a VPC with public and private subnets, configure firewall rules, deploy a bastion host VM, and connect to an internal VM by managing SSH keys.

Prerequisites

To ensure the successful completion of this lab, we highly recommend taking the following guided labs to gain the necessary understanding:

Objectives

In this lab, you will:

  • Deploy a Linux bastion host in a public subnet.
  • Create a custom VPC Network.
  • Configure firewall rules during VPC creation.
  • Connect to the bastion host via the GCP Console.
  • Generate and secure an SSH key pair (private + public key).
  • Add the bastion’s public key to the internal VM for SSH access.
  • Verify secure connectivity to the internal VM.

Lab Steps

Create a VPC Network (with Firewall Rules)

1. Navigate to VPC Network > VPC networks.

2. Click Create VPC network.

3. Name: bastion-vpc.

4. Add two subnets:

  • public-subnet → 10.0.1.0/24 (for bastion host)
  • private-subnet → 10.0.2.0/24 (for internal VMs)

5. While creating the VPC, configure firewall rules:

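  • Check the bastion-vpc-allow-ssh rule. As suggested by the console, this rule allows TCP port 22 from any source (0.0.0.0/0) to every instance in the network, which is also what permits the bastion host's SSH connection to the internal VM later in this lab. Outside a lab, narrow the source range to the addresses administrators connect from.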

6. Click the Create button.

Deploy the Bastion Host VM

1. Go to Compute Engine > VM instances.

2. Click Create instance.

3. Name: bastion-host.

4. Machine type: e2-micro.

5. Boot disk: Ubuntu.

6. Network: attach to public-subnet.

7. Ensure it has an external IP.

8. Create the VM.

Deploy the Internal VM

1. Create another VM named internal-vm.

2. Machine type: e2-micro.

3. Boot disk: Ubuntu.

4. Attach it to private-subnet.

5. Ensure no external IP is assigned.

6. Create the VM.

Connect to Bastion Host

1. In the GCP Console, go to VM instances.

2. Activate Cloud Shell by clicking the CLI icon at the top.

3. Enter the password when prompted.

Configure SSH Key Access

1. In Cloud Shell, SSH into the bastion-host VM using this command:

gcloud compute ssh bastion-host --zone us-central1-c

2. Inside the bastion host, generate a new key pair. You can choose any filename (example: my-gcp-key):

ssh-keygen -t rsa -b 4096 -f ~/my-gcp-key

3. Optionally, enter a passphrase (leave it empty for no passphrase).

4. This creates:

  • my-gcp-key.pub → public key file
  • my-gcp-key → private key file

5. Copy the public key content (starting with ssh-rsa but excluding the td_gcp_labs_student portion).

6. In the GCP Console, edit the internal-vm → SSH Keys → paste the bastion host’s public key.

When pasting the public key, ensure it ends with the username you intend to log in with. For example: ssh-rsa AAAAB3… ubuntu

7. Click the Save button.
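
The copy-and-paste steps above are easy to get wrong by hand: the trailing username may be left as the generated comment, or the private key file may be pasted instead of the .pub file. The shell helper below is an added example, not part of the original lab; the function names metadata_key_line and private_key_mode_ok are hypothetical, and the key line in the demo is constructed.

```sh
#!/bin/sh
# Added example, not part of the lab: prepare the line pasted into
# internal-vm's SSH Keys field and check the private key's file mode.

# metadata_key_line LOGIN_USER PUBKEY_FILE
# Prints "<type> <base64> <LOGIN_USER>"; non-zero status if the file is not
# a single OpenSSH public key. Runs in a subshell so variables stay local.
metadata_key_line() (
  LC_ALL=C; user=$1; file=$2
  case $user in
    ''|[!a-z_]*|*[!a-z0-9_-]*) echo "bad username: $user" >&2; exit 2 ;;
  esac
  [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }
  # Pasting the private key by mistake would publish it in VM metadata.
  if grep -q 'PRIVATE KEY' "$file"; then
    echo "$file is a private key; use the .pub file" >&2; exit 3
  fi
  [ "$(grep -c . "$file")" -eq 1 ] || { echo "expected one key line" >&2; exit 4; }
  line=$(grep . "$file"); type=${line%% *}; rest=${line#* }; blob=${rest%% *}
  case $type in
    ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
    *) echo "unexpected key type: $type" >&2; exit 4 ;;
  esac
  case $blob in
    ''|*[!A-Za-z0-9+/=]*) echo "key body is not base64" >&2; exit 4 ;;
  esac
  # Drop the generated comment (user@host) and end with the login account.
  printf '%s %s %s\n' "$type" "$blob" "$user"
)

# private_key_mode_ok PRIVATE_KEY_FILE
# True only for modes rw------- or r--------; ssh rejects identity files
# that group or others can read.
private_key_mode_ok() {
  case $(ls -ld -- "$1" 2>/dev/null) in
    -rw-------*|-r--------*) return 0 ;;
    *) return 1 ;;
  esac
}

# Demo on a constructed key line (the base64 body is a placeholder, not a real key).
demo=$(mktemp)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDexample td_gcp_labs_student@bastion-host' > "$demo"
metadata_key_line ubuntu "$demo"
private_key_mode_ok "$demo" && echo "mode ok" || echo "mode too open"
rm -f "$demo"
```

On the bastion host, the equivalent calls would be metadata_key_line ubuntu ~/my-gcp-key.pub for the line to paste and private_key_mode_ok ~/my-gcp-key before the ssh step.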

Connect to Internal VM from Bastion

1. From the bastion host shell, connect to the internal VM using its private IP:

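ssh -i ~/my-gcp-key <username>@10.0.2.2

Replace <username> with the Linux account name (e.g., ubuntu or the one provisioned by gcloud). It must be the same username you put at the end of the key added to the internal-vm SSH Keys. The -i option points to the private key generated on the bastion host earlier (~/my-gcp-key in this lab). If the internal IP shown for internal-vm on the VM instances page differs from 10.0.2.2, use that address instead.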

2. You should now see a shell prompt on the internal VM.

Verify Connectivity

1. Run simple commands on the internal VM:

whoami
hostname
uptime

2. Confirm that access is only possible through the bastion host.

Congratulations! You have successfully set up a bastion host in Google Cloud and used it to securely access a private VM. This pattern ensures that internal resources remain isolated from the public internet while still being accessible for administrative tasks through a controlled gateway.
