How to set up access to a VM instance with a static IP through Google OAuth, like Cloudflare Access?

Right now I can set up access only for Service Accounts, Tags and some ranges of IP addresses. How can it be configured only for specific Gmail users?

Screenshot of Cloudflare Access when I'm trying to connect to VM with static IP address:

Jan Hernandez
Marat Zimnurov
  • You can configure IAM Official Documentation: https://cloud.google.com/iap/docs/concepts-overview [![Example of IAM architecture by Google IAM](https://i.stack.imgur.com/we07M.png)](https://i.stack.imgur.com/we07M.png) – Marat Zimnurov Dec 10 '20 at 18:17
  • You want to grant access to your VMs (ssh) via Google Sign In and only allow access via specific static IP? – Jan Hernandez Dec 11 '20 at 16:02
  • @JanHernandez I want to serve a web app with SSR on Compute Engine with Google Identity. – Marat Zimnurov Dec 11 '20 at 16:44
  • As I understand it, GCP does not provide a free permanent DNS name, and if you want to configure Google Identity you must have your own domain. https://serverfault.com/questions/948800/setting-up-publicly-accessible-dns-name-in-google-cloud-dns – Marat Zimnurov Dec 11 '20 at 16:51
  • You can use [GCP IAP proxy](https://cloud.google.com/iap/docs/enabling-compute-howto) to enable this feature, but as you mention, a domain is necessary to set up the OAuth consent screen – Jan Hernandez Dec 11 '20 at 17:26

1 Answer

Jan Hernandez already answered in a comment; however, I still want to answer:

Identity-Aware Proxy actually lets you do what you are looking for. It's a GCP component that gives you the option to restrict access to resources by access level. This can be done with Gmail users as well; however, you'll need to set up an OAuth consent screen.

Give it a look and try it.

AdolfoOG
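
A check for the setup described in this answer, as an added example that is not part of the original post: it reads an IAP IAM policy in the JSON shape printed by `gcloud iap web get-iam-policy --format=json` and reports which principals hold `roles/iap.httpsResourceAccessor` beyond an allowlist of Gmail users. The sample policy, the addresses and the function name are constructed for illustration.

```python
import json

# IAM role that lets a principal pass through IAP to the web app.
ACCESSOR_ROLE = "roles/iap.httpsResourceAccessor"

# Constructed sample in the shape of an IAP IAM policy (not real data).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/iap.httpsResourceAccessor",
     "members": ["user:alice@gmail.com", "user:bob@gmail.com"]},
    {"role": "roles/iap.httpsResourceAccessor",
     "members": ["allAuthenticatedUsers", "domain:example.com"]},
    {"role": "roles/iap.admin", "members": ["user:owner@example.com"]}
  ]
}
""")


def audit_iap_policy(policy, allowed_users):
    """Compare holders of the IAP accessor role against an allowlist of e-mails."""
    allowed = {u.strip().lower() for u in allowed_users}
    report = {"ok": [], "unexpected": [], "missing": []}
    seen = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") != ACCESSOR_ROLE:
            continue  # other roles (e.g. IAP admin) do not grant app access
        for member in binding.get("members", []):
            kind, _, ident = member.partition(":")
            if kind == "user" and ident.lower() in allowed:
                seen.add(ident.lower())
                report["ok"].append(member)
            else:
                # allUsers, allAuthenticatedUsers, domain:, group:, serviceAccount:
                # or a user outside the allowlist widens access beyond the list.
                report["unexpected"].append(member)
    # Allowlisted users with no binding cannot sign in through IAP yet.
    report["missing"] = sorted(allowed - seen)
    return report


if __name__ == "__main__":
    result = audit_iap_policy(SAMPLE_POLICY, ["alice@gmail.com", "carol@gmail.com"])
    print(json.dumps(result, indent=2))
```

Any entry under `unexpected` means the application is reachable by more accounts than the intended Gmail users.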