Answer-first summary for fast verification
Answer: Establish VPC Network Peering between Project A and Project B. Deploy a Compute Engine instance in Project B on the peered subnet without an external IP to act as a proxy to the Cloud SQL database.
The correct approach involves setting up VPC Network Peering between the two projects to facilitate secure communication without public internet exposure. Deploying a Compute Engine instance in Project B without an external IP on the peered subnet as a proxy server ensures that the Dataflow pipeline can securely access the Cloud SQL database. This method adheres to the requirement of avoiding public internet data traversal. - **Option A** is incorrect because disabling external IPs and enabling Cloud NAT does not directly solve the secure access requirement for the Cloud SQL instance. - **Option B** allows communication between projects but fails to ensure data does not traverse the public internet. - **Option C** might enable communication but compromises security by potentially exposing data to the public internet.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are tasked with developing an Apache Beam pipeline to extract data from a Cloud SQL instance located in Project B, which lacks a public IP address, using JdbcIO. The pipeline will run on Dataflow in Project A. Neither VPC Service Controls nor shared VPC are in use across these projects. How can you ensure the pipeline connects successfully without exposing data to the public internet?
A
Enable Cloud NAT in Project A and disable external IP addresses on the Dataflow worker.
B
Configure VPC Network Peering between Project A and Project B, then add a firewall rule permitting the peered subnet range to access all network instances.
C
Authorize the external IP addresses of the Dataflow worker in the Cloud SQL instance's network settings.
D
Establish VPC Network Peering between Project A and Project B. Deploy a Compute Engine instance in Project B on the peered subnet without an external IP to act as a proxy to the Cloud SQL database.