Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Connecting to DocumentDB running in the private subnet of AWS VPC from your DevBox.
Follow the Connecting to AWS guide.
Go to Amazon DocumentDB > Clusters > Your Cluster.
Select Connectivity & Security. You will see the commands and DocumentDB hostname for accessing it.
In your DevBox, import the MongoDB public GPG key:
Add MongoDB package repository source:
Reload local package database:
Install MongoDB:
Download the certificate:
Connect to the database:
where the cluster endpoint will be available in Connectivity & Security section.
Follow the Connecting to AWS guide.
Go to Amazon DocumentDB > Create Cluster.
Select Instance Based Cluster.
In the Configuration section choose Instance Class, number of instances for your cluster.
Set Username and Password.
Turn on Show advanced settings.
In the Network settings , choose the VPC where your bastion host is running, subnet group and assign a security group which has inbound access to only VPC.
Click Create cluster.
In your DevBox, import the MongoDB public GPG key:
Add MongoDB package repository source:
Reload local package database:
Install MongoDB:
Download the certificate:
Connect to the database:
where the cluster endpoint will be available in Connectivity & Security section.
Connecting to EKS running in the private subnet of AWS VPC from your DevBox.
Follow Connecting to AWS guide.
Go to Amazon Elastic Kubernetes Service > Clusters.
Go to your DevBox and install awscli:
Download the kubectl binaries:
Install kubectl:
Check if the cluster is accessible:
Go to Amazon Elastic Kubernetes Service > Clusters > Add cluster > Create.
Enter the name of the cluster and assign a Cluster service role which has AmazonEKSClusterPolicy permission. If no role is present, create a new one with the same permission.
Click on Next. In the Networking section, choose the VPC where your bastion host is deployed and assign 2 private subnets. In Cluster endpoint access, select Private.
Configure other configurations as required and then create the cluster. After creating the cluster, go to the compute section and under Node groups click on Add node group.
Enter the name of the node group and assign a node IAM role with AmazonEC2ContainerRegistryReadOnly, AmazonEKS_CNI_Policy and AmazonEKSWorkerNodePolicy permissions. If no role is present, create a new one with the same permissions.
Configure other configurations as required and create the nodes.
Go to your DevBox and install awscli:
Download kubectl binaries:
Install kubectl:
Click on your AWS username at the top right corner and go to Security credentials. In the Access keys section, click on Create access key. Create the key and save the CSV file.
In your DevBox, use the csv credentials to configure the awscli to your account:
Check if the cluster is accessible:
``` kubectl get svc
Connecting to EC2 running in the private subnet of AWS VPC from your DevBox.
Go to Amazon EC2 > Instances > Your Instance.
Click on Connect. You will see the commands for accessing it.
Go to DevBox and make a copy of the key pair.
Connect to EC2 machine:
Go to Amazon EC2 > Instances > Launch Instances.
Enter the name of the instance.
Choose the Instance type.
Create a new key pair and save it.
In the Network settings, click on edit and choose the VPC where your bastion host is running, the private subnet and the security group which allows inbound access to VPC.
Go to the DevBox and make a copy of the key pair.
Connect to the desired EC2 instance using ssh and the new key pair:
Follow the guide.
Follow the guide.
Use one of the .
Schedule ECS tasks locally using ecs-cli
Create a new workspace with Docker installed (How-to).
Go to AWS Console > IAM > Users > Create user.
Add the following permissions to the user: AmazonECS_FullAccess.
Obtain the credentials under Users > id > Security credentials > Access keys > Create access key.
Install the ECS CLI:
Set the correct permissions:
Configure the default profile:
Configure the default cluster:
Download a task definition:
Bring up the containers:
Connecting to an RDS running in the private subnet of AWS VPC to your DevBox.
Follow the Connecting to AWS guide.
Go to RDS > DB Instances > DB Name.
Select Connectivity and Security.
Copy Endpoint.
Go to DevBox.
Connecting to the Database.
Run the following commands as per the RDS Database Engine:
To install the mysql client cli:
To access the database:
To install the psql client cli:
To access the database:
Follow the Connecting to AWS guide.
Go to RDS > DB Instances.
Select Standard Create.
Use one of the DB Engine in the Configuration.
Choose the Available Versions of the Database.
Choose the Templates based on your use-case. It could be Production or Dev/Test.
Scroll Down to the Settings and specify your Database Name.
Choose Cluster Storage Configuration and DB Instance Class.
Go to Connectivity > VPC.
Choose your VPC , DB Subnet Group and Security Group. Make sure the specified Security Group allows inbound db connections.
Click on Create Database.
You will see two endpoints. Copy Writer Type Endpoint.
Go to the Secrets Manager.
Click on Retrieve Secret Value. This secret is storing your Database Username and Password.
Go to DevBox.
Connecting to the Database:
psql -h <RDS Endpoint> --username <Username> -d <Database Name> --password
You can run services and tasks managed by AWS ECS inside of DevBoxes using AWS ECS Anywhere.
Create a new cluster or start with an existing one. Note: you can only register external nodes after the cluster has been created.
Visit Your Cluster > Infrastructure > Container Instances.
Click on "Register external instances".
In the popup, confirm the settings and click on "Generate registration command".
Copy the command for Linux. You will need it later.
In your DevZero box, download the installation script for ECS Anywhere:
Make sure the the downloaded script has the correct permissions:
Run the installation script with the parameters from the command in step #5:
Note: the installation script will also install Docker.
The new instance should now be visible in the ECS console under Your Cluster > Infrastructure > Container instances as "External" instance type.
If you want to add volumes to your services/tasks:
Go to your Task definition.
Scroll down to the "Storage" section.
Click on the "Add volume" button.
Enter the volume name.
In "Configuration type", select "Configure at task definition creation".
Choose "Docker volume" in the "Volume type" section.
Under "Driver" enter "local" and select "Task" as Scope.
Create a new container mount point: Select the container in question, the source volume and enter a mount path.
The new volume should now be available after your task has been created:
If you select "Configure at deployment" in your task definition, you might not be able to deploy it to the external instance type, because this configuration only supports Amazon EBS, which is not available with external instances.
When running tasks/services you should now be able to select "External" launch type in order to run them on your DevBoxes.
Go to AWS Console > IAM > Users > Create user.
Add the following permissions to the user: AmazonSQSFullAccess.
After you obtained the credentials, log into the AWS CLI by running:
Update your SQS access policy to allow access to the new user.
Send a test message to the queue:
Verify you can recieve the messages:
Go to VPC > Endpoints > Create Endpoint.
Enter a name then select "AWS Services" as your Service category.
In the "Services" search bar type "SQS" and select the suggested service.
Under VPC, select your EC2 "relay" VPC.
Select the desired subnets.
Select the desired security groups. Make sure that you allow inbound/outbound access to/from your EC2 instance.
Specify custom VPC endpoint policies, if required.
Click on "Create endpoint" to proceed.
Set your SQS-queue policy as follows:
Running the following in your DevBox terminal:
Will result in:
Running the same command with a custom endpoint should result in no errors however:
Go to AWS Console > IAM > Users > Create user.
Add the following permissions to the user: AmazonS3FullAccess.
After you obtained the credentials, log into the AWS CLI by running:
Update your S3 access policy to allow access to the new user.
Verify you can query the S3 bucket:
Go to VPC > Endpoints > Create Endpoint.
Enter a name then select "AWS Services" as your Service category.
In the "Services" search bar type "S3" and select the suggested service (Interface).
Under VPC, select your EC2 "relay" VPC.
Select the desired subnets.
Select the desired security groups. Make sure that you allow inbound/outbound access to/from your EC2 instance.
Specify custom VPC endpoint policies, if required.
Click on "Create endpoint" to proceed.
Set your S3 Bucket policy as follows:
Running the following in your DevBox terminal:
Will result in:
Running the same command with a custom endpoint should result in no errors however:
Connecting to ElastiCache running in the private subnet of AWS VPC from your DevBox.
Go to Amazon ElastiCache > Redis OSS Cache > Your Cluster.
Select Configuration & Security.
Copy Primary endpoint.
Go to your DevBox and install the Redis CLI:
Access the cluster using the CLI:
Go to Amazon ElastiCache > Create.
Select Design your own cache.
Select Cluster cache in the Creation method.
Use the default configurations for creating the cluster.
Scroll Down to the Cluster info and specify your Cluster Name.
Choose the Engine Version and Node Type in the Cluster settings.
Go to Connectivity section and choose your VPC and Subnet group.
In the next section, choose the Security Group. Make sure the specified Security Group allows inbound connection from the VPC.
Click on Create.
Go to your ElastiCache and copy Primary endpoint.
Go to your DevBox and install the Redis CLI:
Access the cluster using the CLI:
Install the into your DevBox.
Follow the guide.
Install the into your DevBox.
Follow the guide.
Follow guide.
Connecting to OpenSearch running in the private subnet of AWS VPC from your DevBox.
Follow Connecting to AWS guide.
Go to Amazon OpenSearch Service > Domains.
Select your domain and copy your Domain Endpoint.
Go to your DevBox and connect to Service:
Go to Amazon OpenSearch Service > Create domain.
Give a unique Domain name.
Select Standard create in the Creation method.
Use the default configurations for creating the service.
Keep the Data nodes according to your requirements.
Go to Network section and choose your VPC and Subnets.
In the next section, choose the Security Group. Make sure the specified Security Group allows inbound connection from the VPC
Click on Create.
Go to your OpenSearch and copy Domain endpoint.
Go to your DevBox and connect to Service:
This guide explains connecting to an AWS DynamoDB service running on AWS infrastructure from your DevBox.
AWS DynamoDB is a serverless, NoSQL, fully managed database. You will connect through the aws
cli tool by first authenticating into your AWS Cloud account and then accessing the contents of the DynamoDB Service.
If you already have a DynamoDB, you can follow the steps below to access its content from the DevBox.
First, we need to create a recipe for the workspace:
Go to the DevZero Dashboard > Recipes and click on New recipe.
Enter the recipe name and click on Create a recipe.
Now use the below-provided snippet to create a recipe for your workspace:
Click on Save and Build and when the build is successful, click on Publish.
Go to the Devzero Dashboard > Workspaces by clicking New workspace.
Enter the workspace name and click on Select from recipe library.
Select the recipe you just created above and click on Select.
Click on Launch, and your workspace will be ready shortly.
Now, this is where the real task begins. After downloading the `aws' cli package, we will need to authenticate with our AWS account. To do so, follow the below steps:
Go to AWS Dashboard, and on the top right corner, click on the drop-down menu and select Security credentials.
Under the Access Keys section, click on Create Access Key and agree to the Terms and Conditions.
Click create access key
and note down the Secret Access Key as this will only be shown once.
Go to your DevBox and use the following command to configure the aws
cli:
Enter the Access Key and Secret Access Key when prompted.
Enter your default Region of choice, and your aws
cli setup will be completed.
Now, with the above steps, your AWS DynamoDB connections are completed, and you can check that with the following command:
You are connecting to a Azure database instance running in the private subnet of Azure Virtual Network (VNET) from your DevBox.
Here, you will connect to a private Azure database instance from your DevBox. This would be done by setting up a bastion host that advertises the private routes to your DevZero network so that you can access the private service through network tunneling.
Before you begin, follow the Connecting to Azure guide to set up the Bastion Host to access your private Azure services.
To connect to a database running in the private subnet, ensure it is within the same Resource Group and VNET containing the Bastion Host.
If the above criteria is followed then follow the Setting up DNS Private Resolver guide to access the DNS Private Zones.
Now follow the below steps to access the Database instance on your DevBox:
Go to DevBox.
To Setup Database client and connect to the instance, follow these steps:
To install the mysql client cli:
To access the database:
To install the psql client cli:
To access the database:
If you need to make a new database running in a private subnet and access it through DevZero's network, then follow the below steps:
Go to Home > Azure Database for MySQL servers and click on Create.
In the Basics section, select the Resource group you previously selected for your VNET.
Then input your database Server name, Region and the desired MySQL version.
Remember to select the region where your VNET resides.
Under the Authentication section, Enter your Admin Username and password.
Go to the Networking page and under Network connectivity choose Private access (VNet Integration) option as we need to make the instance private.
In the Virtual Network section, select the VNET and Private Subnet.
Click on Review + Create and click on Create to create the database.
Go to Home > Azure Database for PostgresSQL servers and click on Create.
In the Basics section, select the Resource group you previously selected for your VNET.
Then input your database Server name, Region and the desired PostgresSQL version.
Remember to select the region where your VNET resides.
Under the Authentication section, Enter your Admin Username and password.
Go to the Networking page and under Network connectivity choose Private access (VNet Integration) option as we need to make the instance private.
In the Virtual Network section, select the VNET and Private Subnet.
Click on Review + Create and click on Create to create the database.
After creating the database, you need to follow the Setting up DNS Private Resolver guide to access the DNS Private Zones which houses your database's private domain endpoint for easy access.
Now you just need to follow the below steps to install the database clients and connect to DevBox:
Go to DevBox.
To Setup Database client and connect to the instance, follow the steps:
To install the mysql client cli:
To access the database:
To install the psql client cli:
To access the database:
You are connecting to a Kubernetes cluster running in the private subnet of Azure Virtual Network (VNET) from your DevBox.
Here, you will connect to a Kubernetes cluster running in a private subnet from your DevBox. This would be done by setting up a bastion host that advertises the VNET CIDR to your DevZero network so that you can access the private service through the network tunneling.
Before you begin, follow the Connecting to Azure guide to set up the Bastion Host to access your private Azure services.
To connect to AKS running in the private subnet, ensure it is within the same Resource Group and VNET containing the Bastion Host.
If the above criteria are followed, then log into your DevBox and follow these steps:
Go to your DevBox and install Azure CLI:
After the installation is successful, you need to authenticate your Microsoft Azure account with Azure CLI using the following command:
Following your setup with Azure CLI, you also need to download the kubectl binaries:
Install kubectl:
After your initial setup is done, your DevBox should be ready for accessing the cluster:
You need to select your Subscription ID in Azure Cli with the following command:
Use the following command to connect to your cluster:
Check if the cluster is accessible:
If you need to make a new AKS Cluster running in a private subnet and access it through DevZero's network, then follow the below steps:
Go to Home > Kubernetes Services or you can search for Azure Kuberntes Service in the search bar and click on Create Kubernetes Cluster.
In the Basics section, select the resource group you previously selected for your VNET.
Enter your Cluster name and region and choose your desired node image.
Select your desired Node Pool machine configuration in the Node Pools section.
Go to the Networking section and check the Enable private cluster
and Bring your own Azure virtual network
options, respectively.
After checking these two options, you will be asked to choose your VNET. Then, create a new subnet dedicated to Kubernetes and choose that subnet.
Enter a Kubernetes service address range that doesn't overlap with your VNET CIDR. For Example, if your VNET CIDR Range is 10.0.0.0/16, then it is recommended that you make your Kubernetes service address range 192.168.0.0/16.
Provide a Kubernetes DNS service IP Address and enter your DNS name prefix.
Click on Review + Create and click on Create to create Kubernetes Cluster.
Now that you have created the cluster, you need to authenticate your DevBox with the az
cli tool:
Go to your DevBox and install Azure CLI:
After the installation is successful, you need to authenticate your Microsoft Azure account with Azure CLI using the following command:
Following your setup with Azure CLI, you also need to download the kubectl binaries:
Install kubectl:
After your initial setup is done, your DevBox should be ready for accessing the cluster:
You need to select your Subscription ID in Azure CLI with the following command:
Use the following command to connect to your cluster:
Check if the cluster is accessible:
Setting up a DNS Private Resolver so that you can access the Azure Private DNS zones connected to your Azure Virtual Network (VNET).
Here, you will setup DNS Private Resolver through which you would resolve DNS queries from the DNS Private zones and direct them to the Bastion Host. The Bastion Host will then forward those queries to the DevZero Network through advertised routes.
Before you begin, follow the Connecting to Azure guide to set up the Bastion Host to access your private Azure services.
To create a DNS Private Resolver, you need to ensure that you have no other DNS Private Resolver instances in your Resource Group.
If the above criteria are followed, then follow these steps:
Go to Home > DNS Private Resolvers and click on Create.
Enter Subscription and Resource Group name in the Project Details section.
Then enter the instance name and region. Remember to choose the region which houses your VNET.
Then select your Virtual Network (VNET).
In the Inbound Endpoint page, click on Add an endpoint and then enter the endpoint name.
While selecting the subnet for Inbound Endpoint, create a new subnet and then click on Save.
Click on Review + Create and click on Create to create the DNS Private Resolver.
After you are done with creating the DNS Private Resolver, you need to add the DNS IP address to the DevZero Network so that you can use the Azure DNS Private Zones.
Go to Home > DNS Private Resolver and click on the new DNS Private Resolver you just created.
Then navigate to Settings > Inbound Endpoints and note down the IP Address of the inbound endpoint which you created.
Go to DevBox and enter the following command:
we need to add the IP address to this configuration file so that the DevZero Network can use the Conditional Forwarder.
Enter the following line to the resolv.conf
file:
save the file and you will now be able to access the domains within the Azure DNS Private Zones.
For Example, we have a DNS Private Zone named privatelink.postgres.database.azure.com
and it houses a private domain endpoint named test-db-devzero.postgres.database.azure.com
. You can verify the setup by using nslookup
:
If everything goes well then you should see a output similar to this.
You are connecting to a Virtual Machine running in the private subnet of Azure Virtual Network (VNET) from your DevBox.
Here, you will connect to a virtual machine running in a private subnet from your DevBox. This would be done by setting up a bastion host that advertises the VNET CIDR to your DevZero network so that you can access the private service through the network tunneling.
To connect to a Virtual Machine running in the private subnet, ensure it is within the same Resource Group and VNET containing the Bastion Host.
If the above criteria are followed, then log into your DevBox and SSH into the private VM by following these steps:
Go to DevBox.
Copy the private SSH key within the .ssh
directory.
Connect to the virtual machine:
If you need to make a new virtual machine running in a private subnet and access it through DevZero's network, then follow the below steps:
Go to Home > Virtual Machines > Create a virtual machine.
In the Basics section, select the resource group you previously selected for your VNET.
Enter your desired username and select the allow selected ports for the Public inbound ports option.
Go to the Networking section and enter your Virtual Network (VNET). Please remember to choose None in the public IP option because we must make the instance private.
Select the Basic option for the NIC network security group. It will create a security group for you that allows port access for SSH.
Click on Review + Create and click on Create to create virtual machine.
Download the SSH private key when prompted. This will help you SSH into the Bastion Host later.
Go to DevBox and make a copy of the key pair.
Connect to the Virtual Machine using ssh and the new key pair:
Configuring the Azure Storage Account to access its endpoint from DevBox.
Here, you will configure a Storage Account to access it from your DevBox. This would be done by setting up a bastion host that advertises the private routes to your DevZero network so that you can access the private service through network tunneling. You would also need to set up a DNS Private Resolver to access the Storage Account's Private Endpoint from your DevBox.
To configure a Storage Account, ensure it is within the same Resource Group containing the Bastion Host.
Now follow the below steps to configure the Storage Account:
Go to Home > Storage Accounts and click on the Storage Account you want to access through the private endpoint.
Go to Networking > Firewalls and virtual networks tab in the Security + Networking section and under Public network access
choose the Disabled
option. Click on Save. This will make your storage account completely private.
After that, go to Networking > Private endpoint connections and click on Private endpoint.
Choose your Resource group and enter the instance name.
Click Resource and select your desired Target sub-resource
for your private endpoint. Remember that if you have more than one sub-resource type, you need to create a separate endpoint for each one.
Click on Virtual Network and select your Virtual Network (VNET), which houses the bastion host and DNS Private Resolver.
Select a compatible subnet, then click on Next, and leave the rest of the settings as default.
Click on Create, and your Private Endpoint will be created.
To verify if you can access the storage account endpoint from your DevBox, just use the following command in your DevBox:
If you need to make a new Storage Account and access it through DevBox, then follow the below steps:
Go to Home > Storage Accounts and click on Create.
In the Basics section, select the resource group you previously selected for your VNET.
Then, input your account name, region, and desired performance type.
Go to the Networking section and choose Disable public access and use private access
option in Network access.
Click on Add private endpoint and enter the Name, **Storage sub-resource type.
In the Networking section, select the VNET which houses the bastion host.
Select a compatible subnet and then choose your private DNS zone.
Click on OK and then click on Review + Create. Finally, click on Create.
To verify if you can access the Storage Account, follow the below steps:
Go to the DevBox.
Use the following command to see if the private endpoint is accessible to you:
Connecting to an Azure Table Storage from your DevBox.
Here, you will connect to a Table Storage from your DevBox. This would be done by setting up a bastion host that advertises the private routes to your DevZero network so that you can access the private service through network tunneling. You must also set up a DNS Private Resolver to access the Table Storage's Private Endpoint from your DevBox.
To connect to a Storage Account, ensure it is within the same Resource Group containing the Bastion Host.
Now follow the below steps to access the Table Storage on your DevBox:
Go to DevBox and install the Azure CLI tool using the following command:
Login into your Azure account using the login
command:
After you have completed your authentication, go to Home > Storage Accounts and select your storage account.
Then go to the Security + Networking > Access Keys section and note down either of the two access keys presented to you.
After you have acquired the access key, you may use the following command to Check existence and List the available tables:
To check the Existence of the table, use the following command:
To List all the available tables, use the following command:
If you need to make a new Table Storage and access it through DevBox, then follow the below steps:
After the above mentioned steps are completed, you may go ahead and create a container for Blob Storage by following these steps:
Go to Home > Storage Accounts and click on your storage account.
Go to the Data Storage tab and click on Tables.
Create a new Table by entering the table name and clicking on Create.
After creating the table, go to the Security + Networking > Access Keys section and note down either access key.
After creating the table, you must install and authenticate your Azure CLI to easily access Blob Storage. To do so, you may follow the below steps:
Go to DevBox and install the Azure CLI tool using the following command:
Login into your Azure account using the login
command:
You may use the following command to Check existence and List the available tables:
To check the Existence of the table, use the following command:
To List all the available tables, use the following command:
Before you begin, follow the guide to set up the Bastion Host to access your private Azure services.
Then input your VM name and region and choose your desired image. You can view the available images .
Before you begin, follow the guide to set up the Bastion Host to access your private Azure services.
Following the above criteria, follow the guide to access the DNS Private Zones.
If the above steps are completed, you must follow the guide to access the DNS Private Zones.
Before you begin, follow the guide to set up the Bastion Host to access your private Azure services.
Following the above criteria, follow the guide to access the DNS Private Zones.
After successfully setting up the DNS Private Resolver, follow the guide to access the storage account endpoint.
Firstly, you must follow the guide to create and configure a new storage account. After the setup, you must also set up the DNS Private Resolver by following the guide.
Connecting to an Azure Blob Storage from your DevBox.
Here, you will connect to a Blob Storage from your DevBox. This would be done by setting up a bastion host that advertises the private routes to your DevZero network so that you can access the private service through network tunneling. You must also set up a DNS Private Resolver to access the Blob Storage's Private Endpoint from your DevBox.
Before you begin, follow the Connecting to Azure guide to set up the Bastion Host to access your private Azure services.
Following the above criteria, follow the Setting up DNS Private Resolver guide to access the DNS Private Zones.
After successfully setting up the DNS Private Resolver, follow the Configuring Storage Account guide to access the storage account endpoint.
To connect to a Storage Account, ensure it is within the same Resource Group containing the Bastion Host.
Now follow the below steps to access the Blob Storage on your DevBox:
Go to DevBox and install the Azure CLI tool using the following command:
Login into your Azure account using the login
command:
After you have completed your authentication, go to Home > Storage Accounts and select your storage account.
Then go to the Security + Networking > Access Keys section and note down either of the two access keys presented to you.
After you have acquired the access key, you may use the following command to Upload, Download, or list the blob in the container:
To Upload a file as Blob to the container, use the following command:
To Download a Blob from the container, use the following command:
To list all the blobs in the container, use the following command:
If you need to make a new Blob Storage and access it through DevBox, then follow the below steps:
Firstly, you must follow the Configuring Storage Account guide to create and configure a new storage account. After the setup, you must also set up the DNS Private Resolver by following the Setting up DNS Private Resolver guide.
After the above mentioned steps are completed, you may go ahead and create a container for Blob Storage by following these steps:
Go to Home > Storage Accounts and click on your storage account.
Go to the Data Storage tab and click on Containers.
Create a new container by entering the container name and clicking on Create.
After creating the container, go to the Security + Networking > Access Keys section and note down either access key.
After creating the container, you must install and authenticate your Azure CLI to easily access Blob Storage. To do so, you may follow the below steps:
Go to DevBox and install the Azure CLI tool using the following command:
Login into your Azure account using the login
command:
You may use the following command to Upload, Download, or list the Blob in the container:
To Upload a file as Blob to the container, use the following command:
To Download a file from the container, use the following command:
To list all the blobs in the container, use the following command:
You are connecting to an Azure Key Vault from your DevBox.
Here, you will connect to a Key Vault from your DevBox. This would be done by setting up a bastion host that advertises the private routes to your DevZero network so that you can access the private service through network tunneling.
Before you begin, follow the Connecting to Azure guide to set up the Bastion Host to access your private Azure services.
Following the above criteria, follow the Setting up DNS Private Resolver guide to access the DNS Private Zones.
To connect to an existing Key Vault, ensure it is within the same Resource Group that houses the Bastion Host.
To make the connection, you need to set up the IAM role and install dependencies in your DevBox.
Go to Home > Key Vaults and click on the key vault you want to access.
Then go to Access Control (IAM) and click on Add role assignment.
Click on the Key Vault Reader role and click on next.
Click on Select Members and select the users you want to give access to the Key Vault. Click on Select.
Then click on Next and then click on Review + Assign to assign the role.
Now, you can read the Secrets in the key vault without error.
We are assuming the Key Vault is private, and in this case, you will not be able to see the value of the secret. For some reason, if you want to see the value of the secrets, then turn the access to Public in the Settings > Networking section. After viewing the value of the secret, Disable the Public Access again.
Now, to retrieve the value from the secrets using the API, you need to set Service Principals on the Azure Portal using the below steps:
Go to Microsoft Entra ID and click on App registrations.
Click on New registration, enter the app name as you like, and click on Register.
Go to All applications and click on the app you just created.
Copy the Client ID and Tenant ID and add it to the DevBox environmental variables.
Click on Client credentials and click on New client secret.
Enter the description if you want to, and click on Add.
Copy the Value of the client secret you just created and add it to the environmental variables of your DevBox by using the following command.
Now, go to Home > Key Vaults and click on the key vault you want to access.
Then go to Access Control (IAM) and click on Add role assignment.
Click on the Key Vault Reader role and click on next.
Click on Select Members and select the App Name you just registered in Microsoft Entra ID. Click on Select.
Then click on Next and then click on Review + Assign to assign the role.
Here we are using Python to show the key vault usage, you can choose other programming stack as well. Now, you need to install the necessary packages in Python to write the script by following the below steps:
Install the required packages using the following command:
Write the following Python script to retrieve the secret:
If you need to make a new Key Vault and access it through DevBox, then follow the below steps:
Go to Home > Key vaults and click on Create.
In the Basics section, select the Resource group which houses your Bastion Host.
Then input your Key Vault name, Region and the desired Pricing Tier.
You can set the Days to retain deleted vaults duration as you like.
Go to the Networking page and disable the Enable public access and enable the Private Endpoint section.
Click on Create a private endpoint and enter the Resource group, Location, Name, and Target sub-resource type of the endpoint.
In the Networking section, select the virtual network (VNET) you used to set up the DNS resolver and Bastion Host.
Choose a compatible subnet or create a new one, and a new private DNS zone will be created for you.
Click on Ok, then click on Review + Create.
Click on Create to initialize the deployment for the key vault.
To make the connection, you need to set up the IAM Role and install dependencies in your DevBox.
Go to Home > Key Vaults and click on the key vault you just created.
Then go to Access Control (IAM) and click on Add role assignment.
Click on the Key Vault Reader role and click on next.
Click on Select Members and select the users you want to give access to the Key Vault. Click on Select.
Then click on Next and then click on Review + Assign to assign the role.
Now go to Obejcts > Secrets and click on Generate/Import.
Enter the Name and Secret Value and click on Create.
In this case, the Key Vault is private, and you will not be able to see the value of the secret. For some reason, if you want to see the value of the secrets, then turn the access to Public in the Settings > Networking section. After viewing the value of the secret, Disable the Public Access again.
Now, to retrieve the value from the secrets using the API, you need to set Service Principals on the Azure Portal using the below steps:
Go to Microsoft Entra ID and click on App registrations.
Click on New registration, enter the app name as you like, and click on Register.
Go to All applications and click on the app you just created.
Copy the Client ID and Tenant ID and add it to the DevBox environmental variables.
Click on Client credentials and click on New client secret.
Enter the description if you want to, and click on Add.
Copy the Value of the client secret you just created and add it to the environmental variables of your DevBox by using the following command.
Now, go to Home > Key Vaults and click on the key vault you want to access.
Then go to Access Control (IAM) and click on Add role assignment.
Click on the Key Vault Reader role and click on next.
Click on Select Members and select the App Name you just registered in Microsoft Entra ID. Click on Select.
Then click on Next and then click on Review + Assign to assign the role.
Here we are using Python to show the key vault usage, you can choose other programming stack as well. Now, you need to install the necessary packages in Python to write the script by following the below steps:
Install the required packages using the following command:
Write the following Python script to retrieve the secret:
You are connecting to a Container Instance running in the private subnet of Azure Virtual Network (VNET) from your DevBox.
Azure Container Instances (ACI) is a serverless container service that allows you to run isolated containers in Azure without managing underlying infrastructure or orchestrating container deployments. This would occur by setting up a bastion host that advertises the VNET CIDR to your DevZero network so you can access the private service through the network tunneling.
Before you begin, follow the Connecting to Azure guide to set up the Bastion Host to access your private Azure services.
Please make sure your container has a Private IP Address and check if the container is housed in the same Virtual Network as the Bastion Host.
First of all, we need to create a workspace:
Go to DevZero Dashboard.
Navigate to the Workspaces tab and click on New workspace.
Enter the workspace name and click on Select from recipe library.
Click on New Recipe and enter the recipe name and click on Create a recipe.
Select a workspace region and click on Launch.
Follow the Below steps to access your container application from your DevBox :
Connect to the workspace using the following command:
You can access the application running in the container using the curl
command:
If you need to make a new container running in a private subnet and access it through DevZero's network, then follow the below steps:
Go to Home > Container Instances and click on Create.
In the Basics section, select the Resource group you previously selected for your VNET.
Then input your Container name and Region and choose your desired SKU.
Choose your desired Image source between Quickstart images
, Azure Container Registry
, and Other registry
.
We will work with Quickstart images
for this guide.
Select or input the Image and choose the desired size configuration for your container.
On the networking page, choose the Private option and select your VNET and desired subnet.
Click on Review + Create and click on Create to create container.
Follow the steps to create a workspace:
To to DevZero Dashboard.
Navigate to the Workspaces tab and click on New workspace.
Enter the workspace name and click on Select from recipe library.
Click on New Recipe and enter the recipe name and click on Create a recipe.
Select a workspace region and click on Launch.
Follow the Below steps to access your container application from your DevBox :
Connect to the workspace using the following command:
You can access the application running in the container using the curl
command:
You are connecting to an App Service running on your Azure infrastructure from your DevBox.
Azure App Service enables you to build and host web apps, mobile backends, and RESTful APIs in the programming language of your choice without managing infrastructure. This connection between the app service and workspace would occur by setting up a bastion host that advertises the private routes to your DevZero network so you can access the private service through network tunneling. You must also set up a DNS Private Resolver to access the App Service's Private Endpoint from your DevBox.
Before you begin, follow the Connecting to Azure guide to set up the Bastion Host to access your private Azure services.
Following the above criteria, follow the Setting up DNS Private Resolver guide to access the DNS Private Zones.
To connect to an App Service running in the private subnet, please ensure it is within the same Resource Group and VNET containing the Bastion Host.
It would be best if you created a workspace so you can access the app service:
Go to DevZero Dashboard.
Navigate to the Workspaces tab and click on New workspace.
Enter the workspace name and click on Select from recipe library.
Click on New Recipe and enter the recipe name and click on Create a recipe.
Select a workspace region and click on Launch.
Navigate to Networking and open Private Endpoints page.
Click on Add > Express and then enter the name of your private endpoint.
Then select the VNET and a compatible subnet. Turn on the Integrate with private DNS zone option.
Click on Ok, and your private connection to your web app will be successfully deployed.
Follow the Below steps to access your Web App from your DevBox :
Connect to the workspace using the following command:
Copy the Default domain of the App Service you want to access.
Connect to the App Service:
If you need to make a new App Service running in a private subnet and access it through DevZero's network, then follow the below steps:
Go to Home > App Services and click on Create > Web App.
In the Basics section, select the resource group you previously selected for your VNET.
Enter the Name of the web app, choose the Publishing Model between Code, Container.
Select your Runtime Stack, Operating System, Region and then configure your Pricing Plans accordingly.
On the Container page, select your desired Image source from Quickstart images, Azure Container Registry, or Another registry.
For this guide, we will be working with Quickstart images. Then select or input the Image for your container.
In the Networking section, choose the off option under the Enable public access section.
Click on Review + Create and then click on Create.
After deploying the app, open your created service and navigate to Deployment > Deployment Center.
Select a Code Source and then enter the Organisation, Repository, and branch name. After you are done with your configuration, click on Save.
Navigate to Networking and open Private Endpoints page.
Click on Add > Express and then enter the name of your private endpoint.
Then select the VNET and a compatible subnet. Turn on the Integrate with private DNS zone option.
Click on Ok, and your private connection for your web app will be successfully deployed.
Select your Operating System, Region and then configure your Pricing Plans accordingly.
On the Deployment page, choose whether you want to enable Continuous deployment. If enabled, Enter your GitHub Repository details for your source code, such as the Organization, Repository, and Branch names.
In the Networking section, choose the off option under the Enable public access section.
Click on Review + Create and then click on Create.
After creating the web app, navigate to Networking and open the Private Endpoints page.
Click on Add > Express and then enter the name of your private endpoint.
Then select the VNET and a compatible subnet. Turn on the Integrate with private DNS zone option.
Click on Ok, and your private connection for your web app will be successfully deployed.
If you need to make a new static web App Service, then follow the below steps:
Go to Home > App Services and click on Create > Static Web App.
In the Basics section, select the resource group you previously selected for your VNET.
Enter the Web App name, and Hosting plan.
After this, choose the Source Model between GitHub, Azure Devops or Other.
Enter the Organisation, Repository, and branch name.
Click on Review + Create and click on Create.
Navigate to Networking and open Private Endpoints page.
Click on Add > Express and then enter the name of your private endpoint.
Then select the VNET and a compatible subnet. Turn on the Integrate with private DNS zone option.
Click on Ok, and your private connection for your web app will be successfully deployed.
Enter the Organisation, Project, Repository, and branch name.
Click on Review + Create and click on Create.
Navigate to Networking and open Private Endpoints page.
Click on Add > Express and then enter the name of your private endpoint.
Then select the VNET and a compatible subnet. Turn on the Integrate with private DNS zone option.
Click on Ok, and your private connection for your web app will be successfully deployed.
If you need to make a new App Service with database integration, then follow the below steps:
Go to Home > App Services and click on Create > Web App + Database.
In the Basics section, select the resource group you previously selected for your VNET.
Enter the Web App name, and Runtime stack.
After this, select the database Engine, Server name, and Database name.
If you want to, select the Azure Cache for Redis option and choose your Hosting plan.
Click on Review + Create and click on Create.
After deploying the app, open your created service and navigate to Deployment > Deployment Center.
Select a Code Source and then enter the Organisation, Repository, and branch name. After you are done with your configuration, click on Save.
Navigate to Networking and open Private Endpoints page.
Click on Add > Express and then enter the name of your private endpoint.
Then select the VNET and a compatible subnet. Turn on the Integrate with private DNS zone option.
Click on Ok, and your private connection for your web app will be successfully deployed.
It would be best if you created a workspace so you can access the app service:
Go to DevZero Dashboard.
Navigate to the Workspaces tab and click on New workspace.
Enter the workspace name and click on Select from recipe library.
Click on New Recipe and enter the recipe name and click on Create a recipe.
Select a workspace region and click on Launch.
Follow the Below steps to access your Web App from your DevBox :
Connect to the workspace using the following command:
Copy the Default domain of the App Service you want to access.
Connect to the App Service:
Connecting to an Azure File Storage from your DevBox.
Azure File Storage is a fully managed file share in the cloud that is accessible via the industry-standard Server Message Block (SMB) protocol, Network File System (NFS) protocol, and Azure Files REST API. Azure file shares can be mounted concurrently by cloud or on-premises deployments. SMB Azure file shares are accessible from Windows, Linux, and macOS clients.
This connection between the Azure File Share and your DevBox would occur by setting up a bastion host that advertises the private routes to your DevZero network so you can access the private service through network tunneling. You must also set up a DNS Private Resolver to access the File Storage's Private Endpoint from your DevBox.
Before you begin, follow the Connecting to Azure guide to set up the Bastion Host to access your private Azure services.
Following the above criteria, follow the Setting up DNS Private Resolver guide to access the DNS Private Zones.
After successfully setting up the DNS Private Resolver, follow the Configuring Storage Account guide to access the storage account endpoint.
To connect to a Storage Account, ensure it is within the same Resource Group containing the Bastion Host.
First, we need to create a recipe for the workspace:
Go to the DevZero Dashboard > Recipes and click on New recipe.
Enter the recipe name and click on Create a recipe.
Now use the below-provided snippet to create a recipe for your workspace:
Click on Save and Build and when the build is successful, click on Publish.
Go to the Devzero Dashboard > Workspaces and click on New workspace.
Enter the workspace name and click on Select from recipe library.
Select the recipe you just created and click on Select.
Click on Launch, and your workspace will be ready shortly.
Now follow the below steps to access the File Storage on your DevBox:
Connect to DevBox and login into your Azure account using the login
command:
After you have completed your authentication, go to Home > Storage Accounts and select your storage account.
Then go to the Security + Networking > Access Keys section and note down either of the two access keys presented to you.
After you have acquired the access key, you may use the following command to Upload, Download, or list the files in the file share:
To Upload a file to the file share, use the following command:
Here, the --source
tag refers to the File you want to upload, and the --path
tag specifies where you want to upload the File, specifying a directory and output file name.
To Download a file from the file share, use the following command:
Here, the --path
tag refers to the terminal path of the File you want to download from your file share and the --dest
tag specifies how and where you want to save your File by specifying a directory and output file name.
To list all the files in the file share, use the following command:
If you need to make a new File Storage and access it through DevBox, then follow the below steps:
Firstly, you must follow the Configuring Storage Account guide to create and configure a new storage account. After the setup, you must also set up the DNS Private Resolver by following the Setting up DNS Private Resolver guide.
After the steps mentioned earlier are completed, you may go ahead and create a file share for File Storage by following these steps:
Go to Home > Storage Accounts and click on your storage account.
Go to the Data Storage tab and click on File Shares.
Create a new File Share by entering the file share name and clicking on Create.
After creating the file share, go to the Security + Networking > Access Keys section and note down either access key.
First, we need to create a recipe for the workspace:
Go to the DevZero Dashboard > Recipes and click on New recipe.
Enter the recipe name and click on Create a recipe.
Now use the below-provided snippet to create a recipe for your workspace:
Click on Save and Build and when the build is successful, click on Publish.
Go to the Devzero Dashboard > Workspaces and click on New workspace.
Enter the workspace name and click on Select from recipe library.
Select the recipe you just created and click on Select.
Click on Launch, and your workspace will be ready shortly.
After creating the File Share, you must install and authenticate your Azure CLI to easily access File Storage. To do so, you may follow the below steps:
Connect to your DevBox and login into your Azure account using the login
command:
Use the following command to create a directory in the File Share:
You may use the following command to Upload, Download, or list the File in the File Share:
To Upload a file to the file share, use the following command:
Here, the --source
tag refers to the file you want to upload, and the --path
tag refers to where you want to upload the file by specifying a Filectory and output file name.
To Download a file from the file share, use the following command:
Here, the --path
tag refers to the terminal path of the file you want to downfile from your file share, and --dest
tag refers to how and where you want to save your File by specifying a directory and output file name.
To list all the files in the file share, use the following command:
You connect to an Azure Elastic SAN Service running on Azure infrastructure from your DevBox.
Ensure the existing SAN is in the same resource group that houses the Bastion Host.
First, we need to create a recipe for the workspace:
Enter the recipe name and click on Create a recipe.
Now use the below-provided snippet to create a recipe for your workspace:
Click on Save and Build and when the build is successful, click on Publish.
Enter the workspace name and click on Select from recipe library.
Select the recipe you just created above and click on Select.
Click on Launch, and your workspace will be ready shortly.
To connect to the Elastic SAN volumes, we first need to create a Volume Group and give it private endpoint access:
Go to Home > Azure Elastic SAN and click on the SAN you want to access.
Go to Volume groups and click on Create.
Enter the Volume group name and click on Next.
Click on Create a private endpoint and enter the Resource group, Location, Name and select the Volume group you just created.
Select the Virtual network and choose an available subnet.
Select Yes for Integrate with private DNS zone option, and click on Ok.
After creating the endpoint, click on Create.
You can also add your VNET by clicking on Create under the Virtual Networks section and entering the details of the VNET, which exists in the same region as the Elastic SAN instance.
Now, with everything set, we need to create a volume and generate the connection script:
Go to Home > Azure Elastic SAN and click on the SAN you want to access.
Go to Volumes and click on Create volume.
Choose the Volume group and enter the Volume name, Source type and Size of the volume.
Click on Create and wait for it to initialize.
After creating the volume, select the volume and click on Connect.
Note down the script code for Linux as we will use it to connect Azure infrastructure and the DevBox.
Now you need to follow the below steps to connect to DevBox:
Connect to the workspace from your terminal.
Create a Python script by using the following command:
Paste in the connection script we got from the volume.
Run the Python file with elevated access to make the connection:
If you need to make a new Elastic SAN instance and access it through DevZero's network, then follow the below steps:
Go to Home > Azure Elastic SAN and click on Create.
In the Basics section, select the Resource group you previously selected for your VNET.
Then input your SAN Name, Region, and Redundancy type.
You can allocate the desired SAN size in the Resource provisioning on Elastic SAN section.
Remember that the size of your SAN is directly proportional to the IOPS (Input/Output operations per second) and bandwidth allocated to the instance.
In the Networking section, choose the Disabled option for Public network access.
You can also choose the Enabled option and connect to a VNET if you have a VNET in the same Region as the Elastic SAN instance.
Click on Review + Create and click on Create.
Enter the recipe name and click on Create a recipe.
Now use the below-provided snippet to create a recipe for your workspace:
Click on Save and Build and when the build is successful, click on Publish.
Enter the workspace name and click on Select from recipe library.
Select the recipe you just created and click on Select.
Click on Launch, and your workspace will be ready shortly.
To connect to the Elastic SAN volumes, we first need to create a Volume Group and give it private endpoint access:
Go to Home > Azure Elastic SAN and click on the SAN you want to access.
Go to Volume groups and click on Create.
Enter the Volume group name and click on Next.
Click on Create a private endpoint and enter the Resource group, Location, Name and select the Volume group you just created.
Select the Virtual network and choose an available subnet.
Select Yes for Integrate with private DNS zone option, and click on Ok.
After creating the endpoint, click on Create.
You can also add your VNET by clicking on Create under the Virtual Networks section and entering the details of the VNET, which exists in the same region as the Elastic SAN instance.
Now, with everything set, we need to create a volume and generate the connection script:
Go to Home > Azure Elastic SAN and click on the SAN you want to access.
Go to Volumes and click on Create volume.
Choose the Volume group and enter the Volume name, Source type and Size of the volume.
Click on Create and wait for it to initialize.
After creating the volume, select the volume and click on Connect.
Note down the script code for Linux as we will use it to connect Azure infrastructure and the DevBox.
Now, you need to follow the below steps to connect to DevBox:
Connect to the workspace from your terminal.
Create a Python script by using the following command:
paste in the connection script we got from the volume.
Run the Python file with elevated access to make the connection:
is a fully integrated solution that simplifies deploying, scaling, managing, and configuring a SAN while also offering built-in cloud capabilities like high availability. This connection will occur by setting up a bastion host that advertises the private routes to your DevZero network so you can access the private service through network tunneling. You must also set up a DNS Private Resolver to access the Elastic SAN's Private Endpoint from your DevBox.
Before you begin, follow the guide to set up the Bastion Host to access your private Azure services.
Following the above criteria, follow the guide to access the DNS Private Zones.
Go to the and click on New recipe.
Go to the by clicking New workspace.
Go to the and click on New recipe.
Go to the and click on New workspace.
Connecting to GCP Kubernetes Cluster running in the private subnet of GCP VPC from your DevBox.
Follow Connecting to GCP guide.
Go to your DevBox and install Gcloud SDK:
Authenticate your GCP account with Gcloud SDK:
Download the kubectl binaries:
Install kubectl:
Connect to the cluster:
Check if the cluster is accessible:
Go to Kubernetes Engine > Kubernetes Cluster > Create.
Select the standard Cluster, enter the name of the cluster and assign a Regional location where your Private Subnet is located.
Click on Next. In the Node Pool > Default Pool > Nodes > Configure node settings section, choose the desired Machine Configuration for the nodes.
Go to Cluster > Networking and select the Network VPC along with the Private Subnet for the cluster. Choose Private cluster in the IPv4 network access and uncheck the Access control plane using its external IP address checkbox.
Enter a desired Default pod address range and service address range. Here we have taken 192.168.0.0/16 and 192.169.0.0/16 for pod address range and service address range repectively.
Enter the Bastion Host's CIDR Range in the Authorized Networks section.
Click on Create.
Go to your DevBox and install Gcloud SDK:
Authenticate your GCP account with Gcloud SDK:
Download kubectl binaries:
Install kubectl:
Connect to the cluster:
Check if the cluster is accessible:
Connecting to GCP BigQuery Service from your DevBox.
Go to IAM & Admin > Service Accounts.
Click on Create Service Account, enter the Service Account Name and click on Create and Continue.
Click on Select a role, select BigQuery Admin, and click on Continue.
Select the new service account and go to Keys.
Click on Add Key > Create a new key and click on Create.
Connect to your DevZero workspace.
Store the Google Authentication Credentials on the workspace.
Install Python and PIP:
Install BigQuery API:
Set the GOOGLE_APPLICATION_CREDENTIALS environment variable.
Write a Python scipt to test the BigQuery API Connection:
Run the Python Script:
If the connection is successful, you should see "Connected" printed in the terminal output.
Connecting to Compute Instance running in the private subnet of GCP VPC from your DevBox.
Follow Connecting to GCP guide.
Go to Compute Engine > VM Instances.
Click on SSH. You will see the commands for accessing it.
Go to DevBox and make a copy of the key pair.
Connect to Compute Instance:
Go to Compute Engine > Create Instance.
Enter the name of the instance along with region and machine type.
Use one of the supported linux distros.
Choose the Instance type.
Go to Advanced Options > Networking > Network Tags and enter the firewall tags.
Go to Advanced Options > Networking > Network Interfaces, click on Network and choose the VPC where your bastion host is running, then click on Subnetwork and choose the private subnet.
Copy the newly created SSH key pair once the instance is created.
Go to the DevBox and make a copy of the key pair.
Connect to the desired Compute instance using ssh and the new key pair:
Connecting to GCP Cloud Storage Service from your DevBox.
Go to your DevBox and install Gcloud SDK:
Authenticate your GCP account with Gcloud SDK:
Access your cloud storage list by:
Go to Cloud Storage > Buckets.
Click on Create.
Enter a unique name for the bucket and click on Create.
Go to your DevBox and install Gcloud SDK:
Authenticate your GCP account with Gcloud SDK:
Access your cloud storage list by:
Connecting to an Cloud SQL running in the private subnet of GCP VPC to your DevBox.
Follow the Connecting to GCP guide.
Go to Cloud SQL > Instances and note down the Internal IP Address of the instance.
Go to VPC network > Routes and select the region where you have deployed the instance.
Copy the Destination IP Range of the Peering Subnet route which contains the IP address of the Cloud SQL Instance.
SSH into your Bastion Host and enter the following command:
Go to DevBox.
Connecting to the Database.
Run the following commands:
To install the mysql client cli:
To access the database:
To install the psql client cli:
To access the database:
Go to Cloud SQL > Create an instance.
Use one of the database Engine in the Configuration.
Choose the Available Versions of the Database.
Enter your Instance ID and Password.
Go to Choose region and zonal availability and select the zone where you have provisioned your Private Subnet.
Scroll down to Customize your instance > Connections and choose Private IP only.
Enter your VPC when prompted.
Click on create a private service access connection and select Use automatically assigned IP range while choosing Allocated IP range.
Click on Create Instance.
Go to Cloud SQL > Instances and note down the Internal IP Address of the instance.
Go to VPC network > Routes and select the region where you have deployed the instance.
Copy the Destination IP Range of the Peering Subnet route which contains the IP address of the Cloud SQL Instance.
SSH into your Bastion Host and enter the following command:
Go to DevBox.
Connecting to the Database.
Run the following commands:
To install the mysql client cli:
To access the database:
To install the psql client cli:
To access the database:
Connecting to an Firestore instance to your DevBox.
Follow the Connecting to GCP guide.
Connect to your DevZero workspace.
Store the Google Authentication Credentials on the workspace.
Install Python and PIP:
Install Firestore Admin API:
Set the GOOGLE_APPLICATION_CREDENTIALS environment variable.
Write a Python scipt to test the Firestore Admin API Connection:
Run the Python Script:
If the connection is successful, you should see "Connected" printed in the terminal output.
Go to Firestore > Databases and click on Create database.
Choose the Datastore Mode and click on Continue.
Enter your Database ID and select the between Region and Multi-region mode.
Choose your desired region and click on Create Database.
Connect to your DevZero workspace.
Store the Google Authentication Credentials on the workspace.
Install Python and PIP:
Install Firestore Admin API:
Set the GOOGLE_APPLICATION_CREDENTIALS environment variable.
Write a Python scipt to test the Firestore Admin API Connection:
Run the Python Script:
If the connection is successful, you should see "Connected" printed in the terminal output.
Connecting to an Firestore instance to your DevBox.
Connect to your DevZero workspace.
Store the Google Authentication Credentials on the workspace.
Install Python and PIP:
Install Firestore Admin API:
Set the GOOGLE_APPLICATION_CREDENTIALS environment variable.
Write a Python scipt to test the Firestore Admin API Connection:
Run the Python Script:
If the connection is successful, you should see "Connected" printed in the terminal output.
Go to Firestore > Databases and click on Create database.
Choose the Native Mode and click on Continue.
Enter your Database ID and select the between Region and Multi-region mode.
Choose your desired region and click on Create Database.
Connect to your DevZero workspace.
Store the Google Authentication Credentials on the workspace.
Install Python and PIP:
Install Firestore Admin API:
Set the GOOGLE_APPLICATION_CREDENTIALS environment variable.
Write a Python scipt to test the Firestore Admin API Connection:
Run the Python Script:
If the connection is successful, you should see "Connected" printed in the terminal output.
Connecting to Memorystore running in the private subnet of GCP VPC from your DevBox.
Go to Memorystore > Clusters.
Select your Instance and copy your Domain Endpoint.
Go to your DevBox and connect to Service:
Go to Memorystore > Clusters and click on Create Instance.
Enter the Cluster ID and choose the region.
Choose the Node type, Cluster Size and Replicas.
Choose the VPC Network under the Set up connection section.
Setup the service connection policy if prompted.
Fill in the network name and the private subnet in the policy section.
After setting up the connection policy, click on Create Cluster.
Go to Memorystore > Clusters.
Select your Instance and copy your Domain Endpoint.
Go to your DevBox and connect to Service:
Follow the guide.
Follow guide.
You are connecting to a GCP Secret Manager from your DevBox.
Here, you will connect to a GCP Secret Manager from your DevBox. This can be done using any programming language API, but for the scope of this document, we will use Python.
To connect to an existing Secret Manager, Follow the below steps:
To make the connection, you need to set up the IAM service account.
Go to IAM & Admin > Service Accounts* and click on Create Service Account.
Enter the Service Account Name and click on Create and Continue.
Click on Select a role, select Secret Manager Admin
, and click on Continue.
Select the new service account and go to the Keys tab.
Click on Add Key > Create a new key and click on Create.
Now, to retrieve the value from the secrets using the API, you need to authenticate the gcloud
CLI and verify the process with the access key we just downloaded by following the below steps:
Go to DevBox and store the Google Authentication Credentials on the workspace.
Install Python and PIP:
Install Secret Manager API:
Set the GOOGLE_APPLICATION_CREDENTIALS environment variable by using the following command:
Write a Python script to test the Secret Manager API Connection:
Run the Python Script:
If the connection is successful, you should see Secret printed in the terminal output.
If you need to make a new Secret Manager and access it through DevBox, then follow the below steps:
Go to Security > Secret Manager and click on Create Secret.
Enter the Name of the secret and then either upload your Secret or enter it within the box provided.
If you are storing an API Key secret, then it is advisable to check the box for Set rotation period under the Rotation section.
To make the connection, you need to set up the IAM service account.
Go to IAM & Admin > Service Accounts* and click on Create Service Account.
enter the Service Account Name and click on Create and Continue.
Click on Select a role, select Secret Manager Admin
, and click on Continue.
Select the new service account and go to the Keys tab.
Click on Add Key > Create a new key and click on Create.
Now, to retrieve the value from the secrets using the API, you need to authenticate the gcloud
CLI and verify the process with the access key we just downloaded by the below steps:
Go to DevBox and store the Google Authentication Credentials in the workspace.
Install Python and Pip:
Install Secret Manager package:
Set the GOOGLE_APPLICATION_CREDENTIALS environment variable by using the following command:
Write a Python script to test the Secret Manager API Connection:
Run the Python Script:
If the connection is successful, you should see Secret printed in the terminal output.
Connecting to GCP Cloud Run Service from your DevBox.
GCP Cloud Run is a serverless service offered by GCP to manage a computing platform that enables you to run invocable containers via requests or events. In this, we will set up a pipeline for our project within DevBox; it will be routed through Cloud Run. Then, depending on the type of project, we can either access it through the web or through the internal VPC of Google Cloud Infrastructure.
If you have an existing Cloud Run Container deployed, follow the steps below to access its content from the DevBox. Ensure the Cloud Run Deployment has the Require authentication
option selected in the Security section.
First, we need to create a recipe for the workspace:
Go to the DevZero Dashboard > Recipes and click on New recipe.
Enter the recipe name and click on Create a recipe.
Now use the below-provided snippet to create a recipe for your workspace:
Click on Save and Build and when the build is successful, click on Publish.
Go to the Devzero Dashboard > Workspaces by clicking New workspace.
Enter the workspace name and click on Select from recipe library.
Select the recipe you just created above and click on Select.
Click on Launch, and your workspace will be ready shortly.
Now, this is where the real task begins. After downloading the gcloud
package, we must authenticate with our Google Cloud account. To do this, we need to run the simple command.
After running the command, you will be given various options for choosing your Google account, default Project, and default Compute Region and Zone. You can choose what you prefer.
To access your Cloud Run container privately, you need to send a GET
request with an authentication token.
Follow the below steps to generate the Authentication token and access the Cloud Run application:
Use the below command to get the token:
Export the token to an environmental variable:
Now that everything is set, we can finally finish this all off by accessing the applications with the curl
command:
If you want to create a new Cloud Run Container, you can follow the below steps.
Go to Cloud Run > Services and click Deploy Container.
Choose a deployment method between Deploy one revision from an existing container image, Continuously deploy from a repository (source or function).
We are creating a container with an existing demo image for this guide.
Enter your Container Image URL or select by clicking on Select.
Click on Set Up with Cloud Build and follow the instructions.
Then Enter your Service Name and Region of deployment.
Select Require authentication option in the Authentication section.
Leave the remaining configurations as default and click on Create.
First, we need to create a recipe for the workspace:
Go to the DevZero Dashboard > Recipes and click on New recipe.
Enter the recipe name and click on Create a recipe.
Now use the below-provided snippet to create a recipe for your workspace:
Click on Save and Build and when the build is successful, click on Publish.
Go to the Devzero Dashboard > Workspaces by clicking New workspace.
Enter the workspace name and click on Select from recipe library.
Select the recipe you just created above and click on Select.
Click on Launch, and your workspace will be ready shortly.
Now, this is where the real task begins. After downloading the gcloud
package, we must authenticate with our Google Cloud account. To do this, we need to run the simple command.
After running the command, you will be given various options for choosing your Google account, default Project, and default Compute Region and Zone. You can choose what you prefer.
To access your Cloud Run container privately, you must send a GET
request with an authentication token.
Follow the below steps to generate the Authentication token and access the Cloud Run application:
Use the below command to get the token:
Export the token to an environmental variable:
Now that everything is set, we can finally finish this all off by accessing the applications with the curl
command: