I'm trying to make HTTP requests from an App Engine instance to a Firebase function that is allowed for internal requests only.

    // index.js (firebase functions)
    const egressOpts = {
      vpcConnector: 'the-vpc-connector',
      vpcConnectorEgressSettings: 'ALL_TRAFFIC'
    }

    exports.processTransaction = functions
      .runWith({
        ...egressOpts,
        ingressSettings: 'ALLOW_INTERNAL_ONLY',
        timeoutSeconds: 300
      })
      .https.onRequest(processTransaction)

It is said that App Engine flex instances live on the same network as Cloud Functions, so they should "talk" to each other with no additional configuration (as seen here).
But what if my function is connected to a VPC through a serverless VPC connector? Do I need to connect my GAE instance to the same network? And how do I do that?
I tried to deploy a standard GAE with the VPC connector, but nothing changed:

    runtime: nodejs14
    env: standard
    manual_scaling:
      instances: 1
    resources:
      cpu: 2
      memory_gb: 2.0
      disk_size_gb: 10
    vpc_access_connector:
      name: "projects/the-project-id/locations/us-central1/connectors/the-vpc-connector"

I also tried to assign the Cloud Function Invoker role to the GAE service account, but with no success.
Adding more context, this is my flex GAE app.yaml (I'm deploying with cloud builder):

    runtime: nodejs
    env: flex
    manual_scaling:
      instances: 1
    resources:
      cpu: 2
      memory_gb: 2.0
      disk_size_gb: 10
    vpc_access_connector:
      name: "projects/the-project-id/locations/us-central1/connectors/the-vpc-connector"
    skip_files:
      - ^node_modules
      - ^dev_credentials
      - ^deployment

The error I'm getting on Stackdriver is:

    </body></html>
    <h2></h2>
    <h2>Your client does not have permission to get URL <code>/processTransaction</code> from this server.</h2>
    <h1>Error: Forbidden</h1>
    <body text=#000000 bgcolor=#ffffff>
    </head>
    <title>403 Forbidden</title>

What am I missing here?