I have an application deployed to google cloud app engine (flex environment). The application consists of two parts: FrontEnd (Angular) and BackEnd(Spring boot). Each one of these applications is deployed to a different service under the same app engine. Is there any way to apply a firewall rule to the BackEnd service to deny all requests except the ones coming from the FrontEnd service? Note: I have many services under the same app engine, so I need to apply the rule only to one service so that other services will not be affected.
How to make a service only accessible from another service under the same app engine in google cloud
Asked
Active
Viewed 366 times
2
-
Hi. A feature request was created for this matter. Check https://issuetracker.google.com/issues/110763628 – Federico Panunzio Jun 25 '18 at 09:47
1 Answers
1
There is no way to do that currently as the App Engine firewall will affect all your services, dispatch.yaml will not prevent clients from accessing your project using [project_name].appspot.com and adding network in app.yaml settings will only have effect in context of that network.
One workaround could be to set a different project and allowing access there only from another Google Cloud Project. Otherwise you can set checking authentication on the background instances using service accounts.
A.Queue
- 1,549
- 6
- 21