I have an external regional load balancer running on a shared VPC in project A and have backend services attached to it from projects B and C. I would like to add Cloud Armor to my cross-project backend services (NEG) from projects B and C. But when I try to apply the security rule to a target, it does not provide me with the option for one of my cross-project backend services.

I know GCP only introduced the feature for cross-project backend services in external load balancers in 2022, so my guess would be that this feature does not exist yet. Though if so, are they still planning to add this functionality?

Sylver11
  • Which load balancer are you using? The global has two configurations. The default is the `classic`. The difference is the scheme `EXTERNAL_MANAGED` versus `EXTERNAL`. The classic is older and probably the one you are using. https://cloud.google.com/load-balancing/docs/load-balancing-overview#summary-gclb – John Hanley Aug 04 '23 at 02:12
  • @JohnHanley nope I am using the **Regional External Application Load Balancer**. That is also the only one that allows you to add **Cross-project backend services** as far as I can tell – Sylver11 Aug 04 '23 at 09:09
  • Sorry, I missed that in your open sentence. Here is a link to cross-project backends using the [global load balancer](https://cloud.google.com/load-balancing/docs/https#cross-project). Is there a reason you are using a regional instead of global? – John Hanley Aug 04 '23 at 14:39
  • @JohnHanley this surprises me now. I haven't come across that documentation. Though when I try to create a global lb it does not provide me with the option to add cross-project backend services. Is this because I do not have sufficient permissions? Because when I try to create one with the regional lb it provides me with the option to add cross-project backend services – Sylver11 Aug 05 '23 at 11:39
  • this part confuses me: https://cloud.google.com/load-balancing/docs/https/set-up-global-ext-https-shared-vpc#grant-bs-user So would I first need to attach the cross-backend services here and then would only be able to add them? – Sylver11 Aug 05 '23 at 11:44

1 Answer

Adding Cloud Armor to cross-project backend services is still under enhancement mode. You can refer to the feature request. Do upvote this feature request to get future updates on this case, and search for or create issues and feature requests by product.

As of now, this FR is pending with the product engineering team, and there is currently no ETA. You can learn more about cross-project service referencing in the following link.

Hemanth Kumar