I have a project, call it Project A. I have created a subscription to a Pub/Sub topic owned by Project B. This subscription is configured to deliver push notifications to my endpoint. I would like to create some firewall rules to restrict access to the instances handling the pub/sub notifications so that only Google can access the instances when delivering the notifications. I don't want any other inbound traffic to the hosts. How can I do this?
Cross project push pub sub and firewall rules
1.7k Views Asked by Max At
There are 1 best solutions below
I don't think that's possible. From https://cloud.google.com/pubsub/docs/subscriber#pubsub-pull-messages-csharp
To answer the larger question which may be relevant to you:
How do I prevent attackers from posting bogus messages to my endpoint?
The answer to that question is to share a secret between Project A and Project B, and include an artifact of that secret in the message attributes. Sign the message with a private key and include the signature in the attributes. Then, the endpoint receives the message and verifies the signature against a public key.
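The signing scheme described in the answer above, as an added example that is not part of the original answer: the publisher in Project B signs the payload and puts the signature in a message attribute, and the push endpoint in Project A verifies it before accepting the message. Ed25519, the attribute name `signature`, and all function names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Shape of the JSON body Pub/Sub POSTs to a push endpoint (only the fields used here).
type pushMessage struct {
	Data       string            `json:"data"` // base64-encoded payload
	Attributes map[string]string `json:"attributes"`
}
type pushEnvelope struct{ Message pushMessage `json:"message"` }

const sigAttr = "signature" // assumed attribute name agreed between the two projects

// SignPayload runs on the publisher (Project B); the result is sent as a message attribute.
func SignPayload(priv ed25519.PrivateKey, payload []byte) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, payload))
}

// VerifyPush runs on the endpoint (Project A) and returns the payload only if it verifies.
func VerifyPush(pub ed25519.PublicKey, body []byte) ([]byte, error) {
	var env pushEnvelope
	if err := json.Unmarshal(body, &env); err != nil {
		return nil, fmt.Errorf("bad envelope: %w", err)
	}
	payload, errData := base64.StdEncoding.DecodeString(env.Message.Data)
	sig, errSig := base64.StdEncoding.DecodeString(env.Message.Attributes[sigAttr])
	if errData != nil || errSig != nil || len(sig) != ed25519.SignatureSize {
		return nil, fmt.Errorf("malformed data or missing %q attribute", sigAttr)
	}
	if !ed25519.Verify(pub, payload, sig) {
		return nil, fmt.Errorf("signature mismatch")
	}
	return payload, nil
}

// BuildPush constructs a sample push body for the demo (constructed input).
func BuildPush(payload []byte, sig string) []byte {
	b, _ := json.Marshal(pushEnvelope{pushMessage{base64.StdEncoding.EncodeToString(payload), map[string]string{sigAttr: sig}}})
	return b
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway demo key pair
	_, err := VerifyPush(pub, BuildPush([]byte("evil"), SignPayload(priv, []byte("ok"))))
	fmt.Println("tampered push rejected:", err != nil)
}
```

The signature here covers only the payload, so a captured valid message still verifies if it is replayed; the endpoint has to handle duplicates idempotently or the signed payload has to carry a timestamp or nonce that the endpoint checks.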