Having successfully created and deployed an image to the GCP Marketplace, I am now attempting to update it with a newly created image of our latest release. When running the "Deployment Preview" and launching the VM, I am unable to SSH to the VM to test that it's working as expected, as the connection attempt fails with the error:
Connection via Cloud Identity-Aware Proxy failed
Code: 4003
Reason: failed to connect to backend
Please ensure that:
- your user account has iap.tunnelInstances.accessViaIAP permission
- VM has a firewall rule that allows TCP ingress traffic from the IP range 35.235.240.0/20, port: 22
- you can make a proper https connection to the IAP for TCP hostname: https://tunnel.cloudproxy.app
You may be able to connect without using the Cloud Identity-Aware Proxy.
Below is what I have tried, based on the error messages in the "SSH browser" connection attempt and the suggestions to resolve them:
- Added "IAP TCP forwarding" as detailed at https://cloud.google.com/iap/docs/using-tcp-forwarding#create-firewall-rule
- Added "iap.tunnelInstances.accessViaIAP" permissions to user account as detailed at https://cloud.google.com/iap/docs/managing-access#managing_access_with_the_api
- Added Automatic Startup Script "ufw allow 22" as detailed at "Error 4003: can't ssh login into the instance that I created in google cloud platform", and restarted the VM
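
An added example, not part of the original post: a Python check of the firewall condition from the error message, run over rules in the shape printed by `gcloud compute firewall-rules list --format=json`. It shows how a target-tag mismatch or a higher-priority deny can still block 35.235.240.0/20 on port 22 even though an allow rule exists; the sample rules, project, network and tag names are constructed.

```python
import ipaddress
IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")  # range named in the error message

def _covers_port(entries, port=22):
    """True if any allowed/denied entry covers TCP `port`."""
    for e in entries:
        if e.get("IPProtocol") not in ("tcp", "all"):
            continue
        ports = e.get("ports") or ["0-65535"]  # no ports listed means every port
        for p in ports:
            lo, _, hi = p.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
    return False

def _applies(rule, network, tags):
    """True if an enabled ingress rule on `network` targets a VM with `tags`."""
    if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
        return False
    if rule["network"].rsplit("/", 1)[-1] != network:
        return False
    targets = rule.get("targetTags")  # assumption: targetServiceAccounts not modelled
    return not targets or bool(set(targets) & set(tags))

def iap_ssh_verdict(rules, network, tags):
    """Return (allowed, deciding_rule) for IAP -> tcp:22 on a VM with `tags`."""
    hits = []
    for r in rules:
        if not _applies(r, network, tags):
            continue
        nets = map(ipaddress.ip_network, r.get("sourceRanges", []))
        srcs = [n for n in nets if n.version == 4]
        if _covers_port(r.get("denied", [])) and any(s.overlaps(IAP_RANGE) for s in srcs):
            hits.append((r.get("priority", 1000), 0, r["name"], False))
        elif _covers_port(r.get("allowed", [])) and any(IAP_RANGE.subnet_of(s) for s in srcs):
            hits.append((r.get("priority", 1000), 1, r["name"], True))
    # Lowest priority number wins; on a tie deny beats allow; no match means implied deny.
    _, _, name, allowed = min(hits, default=(0, 0, "implied-deny-ingress", False))
    return allowed, name

# Constructed sample rules (project, network and tag names are hypothetical).
NET = "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/default"
RULES = [
    {"name": "allow-iap-ssh", "network": NET, "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["35.235.240.0/20"], "targetTags": ["bastion"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "deny-low-ports", "network": NET, "direction": "INGRESS", "priority": 900,
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["locked"],
     "denied": [{"IPProtocol": "tcp", "ports": ["1-1024"]}]},
]
```

A `True` verdict covers only the VPC firewall condition; the `iap.tunnelInstances.accessViaIAP` permission and the guest's own firewall (the `ufw allow 22` step) are separate conditions.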