Skip to Content

Using Cloud Shell as a bastion

Cloud shell helps you getting access to your Google Compute Engine instances

Posted on by Bastien Cadiot One min read

There are many ways to remotely access instances on Google Compute Engine. Traditionally we use a VPN, an Interconnect, or a dedicated instance as a bastion .

Google Cloud Platform provides another useful method thanks to gcloud.
You can install gcloud on your machine, but you can also use embedded gcloud in Cloud Shell (inside the cloud console).

As a perfect bastion, Cloud Shell comes with many tools pre-installed and a persistent storage.

Let’s try to connect to an instance with an external IP:

$ gcloud compute ssh instance-1 --zone europe-west1-d

But if the instance doesn’t have a public IP address? You can add one temporarily before trying to connect:

$ gcloud compute instances add-access-config instance-2 \
         --zone europe-west1-d
$ gcloud compute ssh instance-2 \
         --zone europe-west1-d
$ gcloud compute instances delete-access-config instance-2 \
         --zone europe-west1-d

Want to go further?

More details in the dedicated documentation: Securely Connecting to VM Instances

comments powered by Disqus