Packer: Google Cloud IAP for SSH without external IP

Created on 29 Oct 2019  ยท  10Comments  ยท  Source: hashicorp/packer

Feature Description

Add support for SSH over IAP using the Google Cloud IAP for TCP forwarding feature.

The gcloud ssh command automatically uses this as a fallback when trying to ssh into an instance without an external IP.

Use Case(s)

This will let you use the SSH communicator on instances that do not have an external IP address.

Using the IAP proxy with GCP is generally more secure given that you no longer need to have a public IP address and firewall rules to grant packer access to the instance.

buildegoogle enhancement
Source
picture danisla
👍4

Most helpful comment

I'm in the process of implementing this. I've tested it from an OSX machine, but haven't tried for windows. Currently it's only enabled for SSH. I'd appreciate some testing and feedback; binaries can be found at https://circleci.com/gh/hashicorp/packer/47476#artifacts/containers/0

picture SwampDragons on 23 Apr 2020
👍3

All 10 comments

Similar to #8242

rickard-von-essen picture rickard-von-essen on 29 Oct 2019

https://cloud.google.com/iap/docs/tcp-forwarding-overview

rickard-von-essen picture rickard-von-essen on 30 Oct 2019

This would be very useful indeed ! Trying to run packer from Google Cloud Build on a network that doesn't accept any external ip (org policy restriction).

ocervell picture ocervell on 22 Nov 2019

@ocervell you could run packer from another instance within the same network.

rickard-von-essen picture rickard-von-essen on 23 Nov 2019

Yes, but our goal is to integrate Packer build with a Cloud Build pipeline that builds other infrastructure with Terraform.

ocervell picture ocervell on 26 Nov 2019

@rickard-von-essen do you have any update on this? Our company disallowed the usage of public IP at the organization policies.

zachahuy02 picture zachahuy02 on 5 Apr 2020

I'm not working on this.

rickard-von-essen picture rickard-von-essen on 5 Apr 2020

But if the only problem is that you can't have a public IP use a instance in the same network to run Packer from.

rickard-von-essen picture rickard-von-essen on 5 Apr 2020

I'm in the process of implementing this. I've tested it from an OSX machine, but haven't tried for windows. Currently it's only enabled for SSH. I'd appreciate some testing and feedback; binaries can be found at https://circleci.com/gh/hashicorp/packer/47476#artifacts/containers/0

SwampDragons picture SwampDragons on 23 Apr 2020
👍3

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashibot[bot] picture hashibot[bot] on 8 Jun 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

shashanksinha89 picture shashanksinha89  ยท  3Comments
Nikoos picture Nikoos  ยท  3Comments
jesse-c picture jesse-c  ยท  3Comments
DanielBo picture DanielBo  ยท  3Comments
brettswift picture brettswift  ยท  3Comments