Setup:
I have a local instance of home assistant.
Goal:
Have google assistant integration without opening port on local network.
Question:
If I host another bare bone instance of home assistant on oracle cloud with port open for google assistant, and then just forward the messages (using MQTT) from google assistant to my local instance , will that work or I am crazy to even think about it.
The reason behind my question is, if I open the port on remote instance (and not local) and that instance gets compromised, attacker will be only able to post mqtt messages which I am specifically listening for on my local instance. That is way less risky than having them access to the whole working instance of home assistant which has other critical integrations and credentials. In essence, any integration which requires open port goes on the cloud hosted instance and forwards the request to local instance , keeping a safe boundary between remote and local instance.
(Some people may argue that it is too much work for little gain, but I believe everyone has a difference risk tolerance. )