01 ‐ Make VM accessible to Internet in OCI AWS Azure GCP - SanjeevOCI/Study GitHub Wiki

To make a Virtual Machine (VM) accessible to the internet in OCI, AWS, Azure, and GCP, you need to configure networking and firewall rules to allow inbound traffic. Here's how to do it for each cloud provider:

Here’s a comparative analysis of how to make a VM accessible to the internet in OCI, AWS, Azure, and GCP in a tabular format:

Aspect OCI AWS Azure GCP
Public IP Assignment - Assign a public IP during VM creation or attach it later via the VNIC.
- Public IP is optional.		 - Assign a public IP during EC2 instance creation or attach an Elastic IP later.
- Public IP is optional.		 - Assign a public IP during VM creation or associate it with the network interface later. - Assign an external IP during VM creation or attach it later.
- External IP is optional.
Firewall/Security Rules - Update Security Lists or Network Security Groups (NSGs) to allow inbound traffic.
- Specify source CIDR, protocol (e.g., TCP), and port (e.g., 22 for SSH).		 - Update Security Groups to allow inbound traffic.
- Specify source CIDR, protocol (e.g., TCP), and port (e.g., 22 for SSH).		 - Update Network Security Groups (NSGs) to allow inbound traffic.
- Specify source, protocol, and port.		 - Create or update Firewall Rules to allow inbound traffic.
- Specify source IP ranges, protocol, and port.
Route to Internet - Ensure the Route Table has a route to the Internet Gateway for 0.0.0.0/0. - Ensure the Route Table has a route to the Internet Gateway for 0.0.0.0/0. - No explicit route configuration is required; NSG rules handle traffic. - Ensure the VPC Route Table has a route to the Internet Gateway for 0.0.0.0/0.
Default Subnet Behavior - Subnets can be public or private based on the Internet Gateway and Security List configuration. - Subnets can be public or private based on the Internet Gateway and Security Group configuration. - Subnets are private by default; public IP and NSG rules are required for internet access. - Subnets are private by default; external IP and firewall rules are required for internet access.
Tools for Testing - Use the public IP to test connectivity via SSH (ssh user@<public-ip>) or HTTP (curl). - Use the public IP to test connectivity via SSH (ssh user@<public-ip>) or HTTP (curl). - Use the public IP to test connectivity via SSH (ssh user@<public-ip>) or HTTP (curl). - Use the external IP to test connectivity via SSH (ssh user@<external-ip>) or HTTP (curl).
Security Considerations - Restrict source CIDR to specific IP ranges for better security.
- Use Bastion Hosts for private VMs.		 - Restrict source CIDR to specific IP ranges for better security.
- Use Bastion Hosts for private VMs.		 - Restrict source in NSG rules to specific IP ranges.
- Use Azure Bastion for private VMs.		 - Restrict source IP ranges in firewall rules.
- Use IAP (Identity-Aware Proxy) for private VMs.

Key Takeaways

  • Public IP: All providers require assigning a public/external IP to make the VM accessible to the internet.
  • Firewall Rules: Each provider has its own mechanism for configuring firewall/security rules:
    • OCI: Security Lists or NSGs.
    • AWS: Security Groups.
    • Azure: NSGs.
    • GCP: Firewall Rules.
  • Route to Internet: OCI, AWS, and GCP require explicit routes to the Internet Gateway, while Azure handles routing implicitly.
  • Security: Always restrict access to specific IP ranges and use bastion hosts or proxies for private VMs.

1. Oracle Cloud Infrastructure (OCI)

Steps:

  1. Assign a Public IP:

    • Ensure the VM has a public IP address.
    • If not, assign a public IP by editing the instance's VNIC and enabling a public IP.

  2. Update Security Lists:

    • Go to the VCN associated with the VM.
    • Edit the Security List for the subnet and add an Ingress Rule:
      • Source CIDR: 0.0.0.0/0 (for all IPs) or a specific IP range.
      • Protocol: TCP.
      • Port Range: E.g., 80 for HTTP, 22 for SSH.

  3. Update Route Table:

    • Ensure the Route Table for the subnet has a route to the Internet Gateway:
      • Destination CIDR: 0.0.0.0/0.
      • Target: Internet Gateway.

  4. Test Access:

    • Use the public IP to access the VM (e.g., SSH or HTTP).

2. Amazon Web Services (AWS)

Steps:

  1. Assign a Public IP:

    • Ensure the VM (EC2 instance) has a public IP.
    • If not, associate an Elastic IP with the instance.

  2. Update Security Groups:

    • Go to the Security Group associated with the EC2 instance.
    • Add an Inbound Rule:
      • Type: E.g., SSH, HTTP, or Custom TCP.
      • Protocol: TCP.
      • Port Range: E.g., 22 for SSH, 80 for HTTP.
      • Source: 0.0.0.0/0 (for all IPs) or a specific IP range.

  3. Update Route Table:

    • Ensure the Route Table for the subnet has a route to the Internet Gateway:
      • Destination: 0.0.0.0/0.
      • Target: Internet Gateway.

  4. Test Access:

    • Use the public IP to access the instance (e.g., SSH or HTTP).

3. Microsoft Azure

Steps:

  1. Assign a Public IP:

    • Ensure the VM has a public IP address.
    • If not, associate a Public IP with the VM's network interface.

  2. Update Network Security Group (NSG):

    • Go to the NSG associated with the VM's subnet or network interface.
    • Add an Inbound Security Rule:
      • Source: Any or a specific IP range.
      • Source Port Range: *.
      • Destination: Any.
      • Destination Port Range: E.g., 22 for SSH, 80 for HTTP.
      • Protocol: TCP.
      • Action: Allow.
      • Priority: Lower number (higher priority).

  3. Test Access:

    • Use the public IP to access the VM (e.g., SSH or HTTP).

4. Google Cloud Platform (GCP)

Steps:

  1. Assign a Public IP:

    • Ensure the VM has an external IP address.
    • If not, assign an External IP to the VM.

  2. Update Firewall Rules:

    • Go to VPC Network > Firewall Rules.
    • Create a new Firewall Rule:
      • Targets: The VM or all instances in the network.
      • Source IP Ranges: 0.0.0.0/0 (for all IPs) or a specific IP range.
      • Protocols and Ports: E.g., TCP:22 for SSH, TCP:80 for HTTP.

  3. Test Access:

    • Use the external IP to access the VM (e.g., SSH or HTTP).

Key Considerations

  1. Security:

    • Avoid opening all ports to the internet (0.0.0.0/0) unless necessary.
    • Restrict access to specific IP ranges for better security.
    • Use firewalls and security groups to control traffic.

  2. Public IP:

    • Ensure the VM has a public IP for internet access.
    • Use NAT Gateways or Bastion Hosts for private VMs.

  3. Testing:

    • Use tools like ping, curl, or SSH to verify connectivity.

By following these steps, you can make your VM accessible to the internet in OCI, AWS, Azure, and GCP.

⚠️ **GitHub.com Fallback** ⚠️