implementing-gcp-vpc-firewall-rules
Implementing GCP VPC Firewall Rules
When to Use
- When deploying new GCP workloads that require network-level access controls
- When auditing existing firewall configurations for overly permissive rules
- When implementing zero trust network segmentation within GCP VPC networks
- When responding to Security Command Center findings about open firewall rules
- When building hierarchical firewall policies across a GCP organization
Do not use this for application-layer filtering (use Cloud Armor WAF), for DNS-based filtering (use Cloud DNS response policies), or for filtering VPN/Interconnect traffic unless you understand that VPC firewall rules apply only to traffic entering or leaving instances within the VPC.
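The auditing use case above (finding overly permissive rules, or triaging Security Command Center findings about them) is easiest to reason about with a small checker over the rule set. The following is an added example, not part of this skill or of Google's tooling; it assumes its input is the JSON produced by `gcloud compute firewall-rules list --format=json` and uses a constructed set of sample rules in that shape. It flags enabled ingress allow rules reachable from any address, rates exposure of all protocols or of SSH/RDP as HIGH, records whether the rule is scoped by target tags or service accounts (an unscoped rule applies to every instance in the network) and whether firewall logging is on.

```python
"""Audit GCP VPC firewall rules for overly permissive ingress (added example)."""
import json
from typing import Any

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`
# (subset of fields). These rules are invented for the example, not from a real project.
SAMPLE_RULES_JSON = json.dumps([
    {"name": "allow-ssh-anywhere", "direction": "INGRESS", "priority": 1000, "disabled": False,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}],
     "logConfig": {"enable": False}},
    {"name": "allow-http-web", "direction": "INGRESS", "priority": 1000, "disabled": False,
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["web"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}],
     "logConfig": {"enable": True}},
    {"name": "allow-all-internal", "direction": "INGRESS", "priority": 65534, "disabled": False,
     "sourceRanges": ["10.128.0.0/9"],
     "allowed": [{"IPProtocol": "all"}], "logConfig": {"enable": True}},
    {"name": "allow-rdp-anywhere-disabled", "direction": "INGRESS", "priority": 1000,
     "disabled": True, "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
    {"name": "deny-all-egress", "direction": "EGRESS", "priority": 65000, "disabled": False,
     "destinationRanges": ["0.0.0.0/0"], "denied": [{"IPProtocol": "all"}]},
])

ANY_SOURCE = {"0.0.0.0/0", "::/0"}   # "from anywhere" source ranges
ADMIN_PORTS = {22, 3389}             # SSH and RDP: remote-administration ports


def _ports_of(entry: dict[str, Any]) -> list[str]:
    # gcloud omits "ports" when the entry covers all ports of the protocol
    return entry.get("ports") or ["all"]


def _exposes_admin_port(entry: dict[str, Any]) -> bool:
    """True if the allow entry reaches SSH/RDP (or every port/protocol)."""
    proto = str(entry.get("IPProtocol", "")).lower()
    if proto == "all":
        return True
    if proto not in ("tcp", "udp", "6", "17"):
        return False
    for spec in _ports_of(entry):
        if spec == "all":
            return True
        lo, hi = (int(x) for x in spec.split("-")) if "-" in spec else (int(spec), int(spec))
        if any(lo <= port <= hi for port in ADMIN_PORTS):
            return True
    return False


def audit_firewall_rules(rules_json: str) -> list[dict[str, Any]]:
    """Return findings for enabled INGRESS allow rules whose source is any address."""
    findings: list[dict[str, Any]] = []
    for rule in json.loads(rules_json):
        if rule.get("disabled") or rule.get("direction") != "INGRESS":
            continue
        allowed = rule.get("allowed")
        if not allowed or not (set(rule.get("sourceRanges", [])) & ANY_SOURCE):
            continue
        # A rule with no target tags or service accounts applies to every instance in the network.
        if rule.get("targetTags"):
            scope = "tags:" + ",".join(rule["targetTags"])
        elif rule.get("targetServiceAccounts"):
            scope = "sa:" + ",".join(rule["targetServiceAccounts"])
        else:
            scope = "all instances in network"
        severity = "HIGH" if any(_exposes_admin_port(e) for e in allowed) else "MEDIUM"
        findings.append({
            "rule": rule["name"],
            "severity": severity,
            "priority": rule.get("priority", 1000),
            "exposed": [f"{e.get('IPProtocol')}:{','.join(_ports_of(e))}" for e in allowed],
            "scope": scope,
            "logging": bool(rule.get("logConfig", {}).get("enable", False)),
        })
    # HIGH first, then by priority (lower number wins in GCP), then by name
    findings.sort(key=lambda f: (f["severity"] != "HIGH", f["priority"], f["rule"]))
    return findings


if __name__ == "__main__":
    for finding in audit_firewall_rules(SAMPLE_RULES_JSON):
        print(json.dumps(finding))
```

Run it against a real project by piping `gcloud compute firewall-rules list --format=json` into `audit_firewall_rules`; disabled rules and egress rules are skipped on purpose, and the `logging` field is there because a rule open to the internet without firewall logging leaves nothing for VPC Flow Logs or Security Command Center to correlate against.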
Prerequisites
- GCP project with Compute Engine API enabled
- IAM roles: roles/compute.securityAdmin for firewall management, roles/compute.networkViewer for auditing
- Organization Admin role for hierarchical firewall policies
- gcloud CLI authenticated with appropriate permissions
- VPC Flow Logs enabled on target subnets for monitoring