I have a project, call it Project A. I have created a subscription to a Pub/Sub topic owned by Project B. This subscription is configured to deliver push notifications to my endpoint. I would like to create some firewall rules to restrict access to the instances handling the pub/sub notifications so that only Google can access the instances when delivering the notifications. I don't want any other inbound traffic to the hosts. How can I do this?
Cross project push pub sub and firewall rules
1.7k views Asked by Max At
There are 1 answers
I don't think that's possible. From https://cloud.google.com/pubsub/docs/subscriber#pubsub-pull-messages-csharp
To answer the larger question which may be relevant to you:
How do I prevent attackers from posting bogus messages to my endpoint?
The answer to that question is to share a secret between Project A and Project B, and include an artifact of that secret in the message attributes. Sign the message with a private key and include the signature in the attributes. Then, the endpoint receives the message and verifies the signature against a public key.
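One way to implement the signing scheme this answer describes, as an added example that is not part of the original answer: the publisher in Project B signs the payload with an Ed25519 private key, and the push endpoint in Project A checks the signature against the public key before trusting the message. The `signature` attribute name, the function names, the key pair and the sample messages are assumptions constructed for the example.

```javascript
const crypto = require("node:crypto");

// Assumption: attribute name picked for this example; Pub/Sub does not define it.
const SIG_ATTR = "signature";

// Publisher (Project B): sign the payload bytes, carry the signature as an attribute.
function signMessage(payload, privateKey) {
  const data = Buffer.from(payload, "utf8");
  const sig = crypto.sign(null, data, privateKey); // Ed25519 takes no digest name
  return { data: data.toString("base64"), attributes: { [SIG_ATTR]: sig.toString("base64") } };
}

// Endpoint (Project A): return the payload if the signature verifies, otherwise null.
function verifyPush(body, publicKey) {
  let envelope;
  try { envelope = JSON.parse(body); } catch { return null; }
  const msg = envelope && envelope.message;
  const sigB64 = msg && msg.attributes && msg.attributes[SIG_ATTR];
  if (!msg || typeof msg.data !== "string" || typeof sigB64 !== "string") return null;
  const data = Buffer.from(msg.data, "base64");
  const sig = Buffer.from(sigB64, "base64");
  if (sig.length !== 64) return null; // Ed25519 signatures are always 64 bytes
  return crypto.verify(null, data, publicKey, sig) ? data.toString("utf8") : null;
}

// Wrap a message in the JSON envelope a push subscription POSTs (values constructed).
function pushBody(message) {
  return JSON.stringify({
    message: { ...message, messageId: "1" },
    subscription: "projects/project-a/subscriptions/example-sub",
  });
}

// Constructed sample data: in practice only Project B holds keys.privateKey.
const keys = crypto.generateKeyPairSync("ed25519");
const other = crypto.generateKeyPairSync("ed25519"); // a key the endpoint does not trust
const signed = signMessage('{"order":42}', keys.privateKey);
const genuine = pushBody(signed);
const wrongKey = pushBody(signMessage('{"order":42}', other.privateKey));
const tampered = pushBody({ ...signed, data: Buffer.from('{"order":43}').toString("base64") });
const unsigned = pushBody({ data: signed.data, attributes: {} });

for (const [name, body] of Object.entries({ genuine, wrongKey, tampered, unsigned })) {
  console.log(name, "->", verifyPush(body, keys.publicKey) === null ? "rejected" : "accepted");
}
```

The signature here covers only the `data` bytes, so the endpoint still needs its own handling for duplicate or repeated deliveries of a validly signed message.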