Dean Hiller

Reputation: 20210

Why is my google cloud platform showing traffic?

I have not used my GCP account in months and shut everything down, yet I still see this:

enter image description here

I have never used the Compute Engine API. I went in and disabled it. I am just curious, for self-knowledge, as to why it would be recording anything BUT 'my personal requests'. I wonder if it is recording hackers hitting the API? Or port scanners? Not really sure here. Anyone know?

Upvotes: 2

Views: 645

Answers (2)

Voy

Reputation: 6344

Confirmed with a Google Cloud Platform support agent, in short:

There is nothing to worry about in the traffic that can be seen under Compute Engine API, as it is designed to run for different purposes on your project.

More precisely:

These methods are part of the Compute Engine API for your VM instance, and the traffic logs do not mean that this is traffic going in and out of your VM instance from any users. Instead, this traffic means the response of the VM instances for the services under the API, even though they are stopped, which is normal.

For example, there is a method logged in the table named instances.getScreenshot; this method returns the screenshot from the specified instance. Screenshot is used as part of the project service for troubleshooting your VM instances. Whenever you go to the console under VM instances information > Screenshot tab, the traffic is recorded by the API in response to your request.

Another example is the method named backendServices.list, which retrieves the list of BackendService resources available to the specified project. This is part of the API for the project to return that information. All of this traffic is used within the project. For more information regarding the GCP Compute Engine API, you can refer to this guide to understand more of the methods used. Meaning, there is nothing to worry about in the traffic that can be seen under Compute Engine API, as it is designed to run for different purposes on your project.

Moreover, regarding potential charges of that traffic:

That traffic will not contribute to your charges, as charges in GCP pertain only to those resources consumed. [...] Please note that the charges on your VM instances that are currently stopped are for the resources attached to them, like the disks and the external IP address, if there are any.

You can check more details on pricing in this VM Instance Pricing guide.


Additionally, here's a guide on how to access this traffic metric:

  1. Go to GCP Console
  2. Click on hamburger menu
  3. Click on APIs & Services
  4. Scroll down to the bottom of the Dashboard and click on the Compute Engine API from the list of filters
  5. Click on 'View metrics' button on the bottom of 'Traffic by response code' card

This is what it looks like:

enter image description here

Upvotes: 0

Neo Anderson

Reputation: 6372

You can have a look at the metrics page and add the view Traffic by credential. All that traffic is Anonymous or Unspecified - meaning that it is not performed by any of the service accounts that you created in the project.

Since the requests have a stable pattern and never stop, I think those aren't external port scanners :).
I guess the traffic is generated by Google's system services (billing/monitoring etc.), especially because the traffic is present only on the Compute Engine API.


Upvotes: 3
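
The "Traffic by credential" check from the answer above, as an added example that is not part of the original answers: it groups request counts per credential and marks each credential's traffic as steady or bursty. The JSON is constructed sample data shaped like a Cloud Monitoring time-series export of the API request-count metric; the label layout, the credential strings and the steadiness threshold are assumptions.

```python
import json
from collections import defaultdict

# Assumption: credential_id values that mean "no credential you created".
UNATTRIBUTED = {"", "anonymous", "unspecified"}

# Constructed sample, shaped like a Cloud Monitoring timeSeries.list response
# for serviceruntime.googleapis.com/api/request_count. All values are made up.
SAMPLE = json.loads("""
{"timeSeries": [
  {"resource": {"labels": {"service": "compute.googleapis.com",
      "method": "backendServices.list", "credential_id": "anonymous"}},
   "points": [{"value": {"int64Value": "4"}}, {"value": {"int64Value": "4"}},
              {"value": {"int64Value": "5"}}, {"value": {"int64Value": "4"}}]},
  {"resource": {"labels": {"service": "compute.googleapis.com",
      "method": "instances.getScreenshot",
      "credential_id": "serviceaccount:constructed-id"}},
   "points": [{"value": {"int64Value": "0"}}, {"value": {"int64Value": "9"}},
              {"value": {"int64Value": "0"}}, {"value": {"int64Value": "0"}}]},
  {"resource": {"labels": {"service": "storage.googleapis.com",
      "method": "objects.list", "credential_id": "anonymous"}},
   "points": [{"value": {"int64Value": "7"}}]}
]}
""")

def summarize(response, service):
    """Per credential: total requests, methods seen, and whether the
    per-interval counts are steady (no empty interval, max <= 2 * min)."""
    out = defaultdict(lambda: {"total": 0, "methods": set(), "steady": True})
    for ts in response.get("timeSeries", []):
        labels = ts["resource"]["labels"]
        if labels.get("service") != service:
            continue  # only the API under investigation
        counts = [int(p["value"]["int64Value"]) for p in ts.get("points", [])]
        if not counts:
            continue
        cred = labels.get("credential_id", "").lower()
        row = out["unattributed" if cred in UNATTRIBUTED else cred]
        row["total"] += sum(counts)
        row["methods"].add(labels.get("method", "?"))
        if min(counts) == 0 or max(counts) > 2 * min(counts):
            row["steady"] = False  # bursty: looks like on-demand use
    return dict(out)

if __name__ == "__main__":
    for cred, row in summarize(SAMPLE, "compute.googleapis.com").items():
        state = "steady" if row["steady"] else "bursty"
        print(cred, row["total"], sorted(row["methods"]), state)
```

Steady, never-ending traffic with no credential of yours attached matches the pattern the answer attributes to platform services; bursty traffic under one of your own credentials points to something you or your tooling ran.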
