Forem: Kevin Blanco

Appsmith On Google Cloud Run - Secure Static Outbound IP Address

Kevin Blanco — Wed, 13 Dec 2023 22:11:12 +0000

Overview

By default, a Cloud Run, a serverless product, connects to external endpoints on the internet using a dynamic IP address pool. This default is unsuitable if the Cloud Run service connects to an external endpoint that requires connections originating from a static IP address, such as a database or API using an IP address-based firewall. You must configure your Cloud Run service to route requests through a static IP address for those connections.

This guide describes enabling a Cloud Run service to send requests using a static IP address. In my test scenario, I have an Appsmith application (the best low-code opensource platform) running in Google Run. I need a static IP address to connect it to a MongoDB Database running in MongoDB Atlas. Any secure application should block any connection that is not from a trusted origin, in this case, only our Cloud Run app should access the database.

Prerequisites

A Google Cloud Run working application.
The gcloud command line interface installed on your machine

Let's review the following diagram of the implementation:

As you can notice, the mechanisms to securely outbound the Cloud Run requests to the Database is using, first of all, a Serverless VPC connector, then, Cloud NAT, and lastly, Cloud Router, let's elaborate on these.

Configuring a Serverless VPC Connector

A Serverless VPC is a feature that allows you to connect serverless applications, such as Cloud Run, to your Virtual Private Cloud (VPC) network without needing a dedicated IP address or a public IP. This enables serverless applications to access resources within your VPC securely.

First, enable the API by running:

gcloud services enable vpcaccess.googleapis.com

Now we can create the VPC Connector using the following command:

gcloud compute networks vpc-access connectors create CONNECTOR_NAME \
  --region=REGION \
  --subnet-project=PROJECT_ID \
  --subnet=SUBNET_NAME

Replace the following values in this command:

CONNECTOR with a name you want to give to this resource.
PROJECT_ID with a name that hosts the subnetwork.
SUBNET_NAME with the name of the subnetwork you created.
REGION with the region where you want to create a VPC Access.

Remember always to use the same region for all these commands, this is key for the networking interfaces to function correctly.

In my case, the command looks like this:

gcloud compute networks vpc-access connectors create appsmith \
--region=us-central1 \
--network=default \
--range=10.8.0.0/28 \
--min-instances=2 \
--max-instances=10 \
--machine-type=e2-micro

You can also do this the browser by going to https://console.cloud.google.com/networking/connectors/add and entering the same information.

Configuring Cloud Router

Google Cloud Router is a networking service that enables dynamic exchange of routes between your on-premises network and your Virtual Private Cloud (VPC) network in the Google Cloud. It facilitates the creation of a dynamic and scalable hybrid cloud network architecture, in our case it will be the one connecting the Serverless VPC to the Cloud NAT to allow the Outbound Static IP address for MongoDB Atlas.

Before setting up the Cloud Router, we need to reserve a new Static IP:

gcloud compute addresses create appsmith-static-ip \
    --region=us-central1

Now, validate it was successfully created by running:

gcloud compute addresses list

And you will see something like this:

NAME: appsmith-static-ip
ADDRESS/RANGE: 34.67.254.239
TYPE: EXTERNAL
PURPOSE: 
NETWORK: 
REGION: us-central1
SUBNET: 
STATUS: IN_USE

As you can see, the Static IP Address assigned has been 34.67.254.239, hurray! this is the one that we will attach Cloud Router and Cloud NAT

Now, to create the Cloud Router, run the following command:

gcloud compute routers create appsmith-router \
    --network default \
    --region us-central1

And that's it! Easy right?, now let's create the last portion of this setup:

Configuring Network Address Translation (NAT)

When using a Serverless VPC Access connector, requests from your Cloud Run service are directed to your VPC network. To ensure outbound requests to external endpoints are routed through a static IP, it is necessary to configure a Cloud NAT gateway. This gateway will allow you to manage the egress traffic from your Cloud Run service, providing a secure and reliable connection to external resources.

Now, here's where we glue it all together,in the following command, we will tell Google Cloud to create a new NAT using the Router and the IP Address we previously created

gcloud compute routers nats create appsmith-cloud-nat-config \
    --router=appsmith-router \
    --nat-external-ip-pool=appsmith-static-ip \
    --nat-all-subnet-ip-ranges \
    --enable-logging
    --router-region=us-central1

And that's it, this is all we need to have this setup in place, now we can use Cloud Logger to validate this is actually working

Validate Outbound Requests go through the Router/NAT

Now we can validate this is working by going to Cloud Logs https://console.cloud.google.com/logs/query and create a new query filtering the logs by those created by the NAT Gateway:

resource.type="nat_gateway"

You will see a lot of network results after filtering, you can expand any of those results and see how your Cloud Run application is using the gateway, the Static IP Address, and the Router we defined in the previous steps

Sucess!! Now, you can securely use the Static IP Address to allow requests coming from Cloud Run! In my example, I'm going to only allow requests from that IP in MongoDB Atlas

Conclusion

We explained how Cloud Run outbounds the network requests to the VPC using the Serverless VPC Connector, which, will use the Cloud Router to route the requests to the outside world using the static IP Address and the Cloud NAT! Easy right?

Fostering a Product-First Mindset 🚀

Kevin Blanco — Thu, 24 Aug 2023 17:58:24 +0000

In the realm of software development, from my personal journey and experience, there exists a fundamental distinction between two types of programmers/developers/engineers: the "code-first" engineers and the "product-first" engineers. This dichotomy is more than just a matter of coding preference; it reflects a profound difference in approach and perspective.

Code-first vs. Product-first

Code-First Engineers: Often characterized by their obsession with architectural perfection, cutting-edge tools, and impeccable test coverage, code-first engineers derive immense satisfaction from crafting intricate abstractions and utilizing the latest language features. They thrive in discussions about technical minutiae and are quick to point out areas for code improvement. To them, the code itself is the zenith of their work—the ultimate goal to be pursued relentlessly.

Product-First Engineers: Conversely, product-first engineers view code as a means to an end, a means to create an exceptional product that solves tangible problems for users. While they appreciate the significance of well-structured code, their primary focus lies on the end result—the product's functionality, user experience, and effectiveness in addressing real-world issues. The success of the product, rather than the elegance of the code, is what drives their passion.

The divide between these two approaches often leads to debates on priorities, with each side advocating for their perspective. The code-first proponents champion maintainability, while the product-first advocates rally behind user satisfaction. While both viewpoints have their merits, it's crucial to understand that software development is, at its core, a pursuit of creating impactful solutions for users.

Context: What is Appsmith and Why it Matters

Appsmith distinguishes itself as the most powerful low-code and no-code opensource platform, enabling developers to transform innovative ideas into reality with unmatched speed and efficiency. From small startups to large enterprises, Appsmith caters to a broad range of users, empowering them, regardless of their expertise, to build sophisticated applications with ease. Seamlessly bridging the gap between complex coding requirements and the need for rapid deployment, without compromising on the quality or scalability.

Embracing the Product-First Mindset with a Low-Code approach using Appsmith

Enter Appsmith, a revolutionary opensource tool that empowers engineers to seamlessly adopt a product-first mindset without compromising on the quality of their code. Unlike traditional development environments that tend to emphasize one approach over the other, Appsmith bridges the gap between code-first and product-first ideologies, offering a unified platform where both can flourish.

Why Appsmith is Ideal for Product-First Engineers

Rapid Prototyping: Appsmith's intuitive drag-and-drop interface allows engineers to swiftly create interactive prototypes of their product ideas. This encourages iterative development, enabling product-first engineers to visualize concepts and gather valuable user feedback early in the process.
User-Centric Design: With Appsmith's rich library of pre-built UI components and widgets, engineers can focus on crafting user-friendly interfaces that enhance the overall product experience. The tool's real-time preview feature empowers them to fine-tune designs to perfection.
Seamless Integration: Appsmith seamlessly integrates with various data sources, APIs, and databases, making it effortless for product-first engineers to connect their prototypes with real data. This facilitates realistic testing and validation of their solutions.
Collaboration: Collaboration is at the heart of product development. Appsmith facilitates cross-functional collaboration by enabling engineers, designers, and product managers to collaborate on the same platform, fostering a holistic approach to building successful products.

The Role of Code-First Engineers and Appsmith's Impact

While code-first engineers play an indispensable role in architecting robust systems, product-first engineers armed with Appsmith can open up a world of possibilities. By utilizing Appsmith's visual interface and powerful integrations, product-first engineers can rapidly translate their innovative ideas into tangible products without getting bogged down by low-level code intricacies. This synergy between the two types of engineers leads to the creation of well-designed, user-centric products supported by a strong technical foundation.

Appsmith recognizes and celebrates the invaluable role of code-first engineers in shaping the digital landscape. The platform is not just a tool for product-first engineers; it's a haven where code-first engineers can channel their expertise to construct the scaffolding upon which innovative products are built.

By embracing Appsmith, code-first engineers can:

1.** Architect Excellence*: Appsmith provides code-first engineers with a canvas to architect intricate systems with precision. The platform's flexible scripting capabilities and integrations allow them to design solutions that align with their architectural vision.
2.* Enhance Collaboration*: Collaboration between code-first and product-first engineers is a synergy that powers innovation. Appsmith offers an environment where these two worlds converge seamlessly, enabling code-first engineers to work alongside their product-first counterparts, translating architectural brilliance into tangible user-centric solutions.
3. Iterative Refinement*: Just as a piece of art evolves over time, software systems require iterative refinement. Appsmith empowers code-first engineers to continuously enhance and optimize their creations, ensuring that the codebase remains a testament to their commitment to excellence.

Inspiring a New Generation of Engineers

In today's fast-paced world, where user needs and expectations evolve rapidly, the harmony between code-first and product-first perspectives is pivotal. As we've explored, the true essence of software development lies in delivering exceptional products that make a meaningful impact on users' lives. Appsmith emerges as a trailblazing solution that bridges the gap between these two approaches, fostering a community of engineers who prioritize innovation, user experience, and technical excellence in equal measure.

As we journey forward, let's embrace the lessons from both code-first and product-first philosophies. Let's celebrate the beauty of well-crafted code while always keeping our eyes on the ultimate goal—the creation of remarkable products that transform the way we live, work, and interact. And with Appsmith by our side, we're equipped to turn these aspirations into reality, one innovative product at a time.

Originally posted on the Appsmith Community Portal