0

I would like to access all my Flask routes of my Python application running in a Google App Engine only from a React-JS frontend and therefore deny all other requests which are not coming from that frontend.

Sofar I've created a Service Account (SA), enabled IAP for the target App Engine resource, assigned the IAP-secured Web App User role to that SA, so that only this SA can access my application. Now, the missing part is how to let my frontend (in React-JS) use that SA to access the backend resources.

mvn1587
  • 11
  • 3
  • 1
    Not sure of what prefabs you are working with, but wouldn't you just put some code in to verify they are logged in before display the results? This way nothing can be returned unless they have a credential, ie are using the front end. – easleyfixed Jan 13 '23 at 18:17
  • My goal would be to avoid that some random user makes thousands of requests to my backend, which means increasing costs and possibly slowing down the application. Is Cloud Armor the only way to avoid it? Or is my approach meaningful? – mvn1587 Jan 13 '23 at 18:37
  • Unfortunately my experience is with the direct hardware its self versus virtualized/cloud variations, hopefully someone can have an answer for you on this. – easleyfixed Jan 17 '23 at 18:33

0 Answers0