I have two backend projects in GCP - And I want to to have a firewall on both of these such that the only thing that can access either of them is an IP and the backends themselves. It is straightforward to set the IP (I can simply create a new rule and fill in the IP), but I don't see how I can add one of the backends ?
Asked
Active
Viewed 69 times
1 Answers
1
App engine does not have a fixed IP address. So, if you wanted to filter the access by IP Address, you will need run on your GCP shell the following commands in order to know and add all the network range that you obtained.
nslookup -q=TXT _cloud-netblocks.googleusercontent.com 8.8.8.8
Here is the documentation about it.
blueboy1115
- 81
- 2
-
ok, so it is not possible to safely isolate the other app to only be able to communicate with the other ? (without starting going bananas with Oauth or something like that). I guess this would result in letting a range of IPs through ? – user1511956 Nov 04 '20 at 08:04
-
I am considering putting one of the services in my own linux box in the basement, lol. Then I will be able to filter on IP. – user1511956 Nov 04 '20 at 08:05
-
Yes, is the only inconvenient that I have found when I use App Engine, trying to filter the access to your app is complicated. Well, if you find my answer useful, or give you some light about this issue, please consider upvoting/accepting it, thank you! – blueboy1115 Nov 04 '20 at 15:22
-
Thank you! It is as close as I can get in that scenarios I suppose. Maybe I will have a "key" in both backends and validate (with private repos of course) – user1511956 Nov 04 '20 at 19:05