GCP StackDriver Firewall Log

Here’s one way to look at traffic hitting a GCP firewall rule. To view the activity, go to Stackdriver Logging > Viewer and enter the following filter, replacing the project, network and firewall names with your own.

logName:(projects/project-name/logs/compute.googleapis.com%2Ffirewall) 
AND jsonPayload.rule_details.reference:("network:network-name/firewall:firewall-name")
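The same selection can be done client-side once the entries have been exported. The block below is an added example, not from the original post: it builds the Logs Viewer filter string above from its three placeholders, then applies the rule_details.reference clause to a handful of constructed entries shaped like Stackdriver firewall log payloads (jsonPayload.connection, jsonPayload.disposition, jsonPayload.rule_details) and summarises who hit the rule and with what disposition. Project, network, rule names and addresses are invented.

```python
"""Select GCP firewall log entries by rule reference and summarise them.

Added example, not from the original post. SAMPLE_ENTRIES are constructed to
mirror the shape of Stackdriver firewall log payloads; every project, network,
rule name and address below is an invented placeholder.
"""
from collections import Counter


def firewall_log_filter(project, network, firewall):
    """Return the Logs Viewer filter from the page with its placeholders filled in."""
    return (
        f"logName:(projects/{project}/logs/compute.googleapis.com%2Ffirewall) "
        f'AND jsonPayload.rule_details.reference:("network:{network}/firewall:{firewall}")'
    )


def _entry(src_ip, dest_ip, dest_port, disposition, network, firewall):
    """Build one constructed log entry carrying the fields the filter relies on."""
    return {
        "logName": "projects/example-project/logs/compute.googleapis.com%2Ffirewall",
        "jsonPayload": {
            "connection": {
                "src_ip": src_ip,
                "src_port": 51000,
                "dest_ip": dest_ip,
                "dest_port": dest_port,
                "protocol": 6,  # TCP
            },
            "disposition": disposition,
            "rule_details": {
                "reference": f"network:{network}/firewall:{firewall}",
                "direction": "INGRESS",
            },
        },
    }


# Constructed sample: three hits on an allow rule, one on an unrelated deny rule.
SAMPLE_ENTRIES = [
    _entry("10.0.1.15", "10.0.2.7", 9001, "ALLOWED", "prod-vpc", "allow-app-9001"),
    _entry("10.0.1.15", "10.0.2.7", 9001, "ALLOWED", "prod-vpc", "allow-app-9001"),
    _entry("10.0.1.40", "10.0.2.7", 9001, "ALLOWED", "prod-vpc", "allow-app-9001"),
    _entry("198.51.100.23", "10.0.2.9", 22, "DENIED", "prod-vpc", "deny-all-ingress"),
]


def entries_for_rule(entries, network, firewall):
    """Client-side equivalent of the jsonPayload.rule_details.reference clause."""
    ref = f"network:{network}/firewall:{firewall}"
    return [e for e in entries
            if e["jsonPayload"]["rule_details"]["reference"] == ref]


def disposition_summary(entries):
    """Count hits per (src_ip, dest_port, disposition): who reaches the rule,
    on which port, and whether the packet was allowed or denied."""
    counts = Counter()
    for e in entries:
        conn = e["jsonPayload"]["connection"]
        counts[(conn["src_ip"], conn["dest_port"], e["jsonPayload"]["disposition"])] += 1
    return counts


if __name__ == "__main__":
    print(firewall_log_filter("example-project", "prod-vpc", "allow-app-9001"))
    hits = entries_for_rule(SAMPLE_ENTRIES, "prod-vpc", "allow-app-9001")
    for key, n in sorted(disposition_summary(hits).items()):
        print(key, n)
```

Running the summary over a deny rule's entries instead (the fourth sample above) is the quickest way to see which sources are being dropped by it, which is usually what a rule review is after.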

AWS Security Groups IP Cidr

Here’s how to search for AWS Security Groups with an egress rule that references this IP CIDR. The egress.ip-permission.* filters match outbound rules only; for inbound rules, use the same filter names without the egress. prefix (ip-permission.cidr, ip-permission.from-port, ip-permission.to-port).

aws ec2 describe-security-groups \
--filter Name=egress.ip-permission.cidr,Values='10.8.8.8/32' \
--query "SecurityGroups[*].{Name:GroupName}" \
--output text \
--profile default \
--region us-east-1

Narrow the search by port as well.

aws ec2 describe-security-groups \
--filter Name=egress.ip-permission.cidr,Values='10.8.8.8/32' \
         Name=egress.ip-permission.from-port,Values='22' \
         Name=egress.ip-permission.to-port,Values='22' \
--query "SecurityGroups[*].{Name:GroupName}" \
--output text \
--profile default \
--region us-east-1

The --query expression limits the output to the Security Group name.
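The --filter options above compare a rule's CidrIp and port values exactly, so a rule for 10.8.0.0/16, or one for port range 20-25, would not come back for 10.8.8.8/32 on port 22. The block below is an added example, not part of the original post: it takes the JSON that aws ec2 describe-security-groups --output json would return (here a constructed document with invented group names, IDs and addresses), reproduces the CLI's exact-match behaviour in cli_style_match(), and then performs the broader check a reviewer usually wants in groups_covering(): rules whose CIDR covers the address and whose port range contains the port, in either direction.

```python
"""Client-side search of `aws ec2 describe-security-groups --output json` output.

Added example, not part of the original post. SAMPLE_OUTPUT is a constructed
document in the shape the AWS CLI returns; group names, IDs and addresses are
invented. cli_style_match() mirrors the exact-value --filter semantics on the
page; groups_covering() does CIDR containment and port-range containment.
"""
import ipaddress
import json


def _perm(proto, cidr, from_port=None, to_port=None):
    """One IpPermissions entry; protocol "-1" (all traffic) carries no ports."""
    perm = {"IpProtocol": proto, "IpRanges": [{"CidrIp": cidr}]}
    if proto != "-1":
        perm["FromPort"], perm["ToPort"] = from_port, to_port
    return perm


# Constructed sample output, not from a real account.
SAMPLE_OUTPUT = json.dumps({"SecurityGroups": [
    {"GroupName": "bastion-sg", "GroupId": "sg-0aaa",
     "IpPermissions": [_perm("tcp", "203.0.113.0/24", 22, 22)],
     "IpPermissionsEgress": [_perm("tcp", "10.8.8.8/32", 22, 22)]},
    {"GroupName": "db-sg", "GroupId": "sg-0bbb",
     "IpPermissions": [_perm("tcp", "10.8.0.0/16", 5432, 5432)],
     "IpPermissionsEgress": [_perm("tcp", "10.8.0.0/16", 443, 443)]},
    {"GroupName": "wide-open-egress", "GroupId": "sg-0ccc",
     "IpPermissions": [],
     "IpPermissionsEgress": [_perm("-1", "0.0.0.0/0")]},
]})


def _perms(sg, direction):
    """Outbound rules live under IpPermissionsEgress, inbound under IpPermissions."""
    return sg.get("IpPermissionsEgress" if direction == "egress" else "IpPermissions", [])


def _port_in_range(perm, port):
    proto = perm["IpProtocol"]
    if proto == "-1":
        return True                      # all traffic: every port matches
    if proto not in ("tcp", "udp"):
        return False                     # e.g. icmp carries no ports
    return perm["FromPort"] <= port <= perm["ToPort"]


def _cidr_covers(perm, target):
    for r in perm.get("IpRanges", []):
        net = ipaddress.ip_network(r["CidrIp"])
        if net.version == target.version and target.subnet_of(net):
            return True
    return False


def cli_style_match(describe_json, cidr, port=None, direction="egress"):
    """Exact-value match, like --filter Name=egress.ip-permission.cidr,Values=..."""
    names = []
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for perm in _perms(sg, direction):
            cidr_hit = any(r["CidrIp"] == cidr for r in perm.get("IpRanges", []))
            port_hit = port is None or (
                perm.get("FromPort") == port and perm.get("ToPort") == port)
            if cidr_hit and port_hit:
                names.append(sg["GroupName"])
                break
    return names


def groups_covering(describe_json, cidr, port=None, direction="egress"):
    """Groups with a rule whose CIDR covers `cidr` and whose port range contains `port`."""
    target = ipaddress.ip_network(cidr, strict=False)
    names = []
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for perm in _perms(sg, direction):
            if _cidr_covers(perm, target) and (port is None or _port_in_range(perm, port)):
                names.append(sg["GroupName"])
                break
    return names


if __name__ == "__main__":
    print("exact egress match:", cli_style_match(SAMPLE_OUTPUT, "10.8.8.8/32", 22))
    print("egress rules covering 10.8.8.8 tcp/22:",
          groups_covering(SAMPLE_OUTPUT, "10.8.8.8/32", 22))
    print("ingress rules covering 10.8.8.8 tcp/5432:",
          groups_covering(SAMPLE_OUTPUT, "10.8.8.8/32", 5432, "ingress"))
```

On the sample data the exact match returns only bastion-sg, while the containment check also surfaces wide-open-egress, whose all-traffic rule to 0.0.0.0/0 reaches the address on every port.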

GCP CLI Create Firewall

Here’s how to add a firewall rule with the Google Cloud Platform CLI (gcloud).

gcloud compute firewall-rules create "firewall-name" \
--description="firewall-description" \
--priority "1000" \
--direction INGRESS \
--action allow \
--network "network-name" \
--target-service-accounts="service@account.net" \
--source-ranges="10.0.0.0/8" \
--rules tcp:9001

Describe firewall rule.

gcloud compute firewall-rules describe firewall-name

Delete firewall rule.

gcloud compute firewall-rules delete firewall-name