Questions tagged [google-cloud-identity-aware-proxy]

40 questions
0 votes, 1 answer

Forwarding OAuth 2 credentials from an authenticated request (in GCP specifically)

I have an AppEngine application that is behind an IAP (identity-aware proxy), so it receives requests that are authenticated and include a JWT token. From the AppEngine application I want to make a request to the Google Sheets API. That also…
0 votes, 1 answer

Least privilege IAM setup for managing a GKE private cluster using a bastion host

I would like to create a bastion host to manage a private GKE cluster on GCP. The bastion host is a GCE VM named bastion. The cluster is a GKE private cluster named cluster. The flow should be: User -> (SSH via IAP) -> bastion -> (gke…
0 votes, 1 answer

Does Identity-Aware Proxy re-use an IP address for simultaneous users?

When using Identity Aware Proxy to tunnel SSH traffic to a VM, the incoming traffic comes from an IP address in the range: 35.235.240.0/20. If more than one user connects to a VM at the same time, does IAP reuse an IP address, or does it guarantee that…
0 votes, 0 answers

Is there a way to connect Cloud Build through proxy to GKE private cluster?

I'm looking for a way to connect Cloud Build through a proxy instance (GCP VM) to be able to deploy to a GKE private cluster. I have a bastion host with IAP and tinyproxy installed, and I'm able to connect into it with gcloud ssh, with --…
0 votes, 1 answer

When creating a device-based access level in Google Access Context Manager, Device Policy attributes not an option via console

I am attempting to follow this tutorial. My end goal is to apply device-based access levels on Identity-Aware Proxy (IAP)-secured resources, specifically App Engine. However, as the documentation states: In the New Access Level pane, in the…
0 votes, 2 answers

Add firewalls to IAP secured App Engine app with Member: allUsers granted 'IAP-secured Web App User'

I have multiple App Engine Services in the same Google project. My wish is to enable IAP for some of the services and not others (in the same project), however, I know that this is not possible. For the services that I ideally don't want IAP…
0 votes, 1 answer

Gmail Access Filter for GCP VM Instance

How to set up access to a VM instance with a static IP through Google OAuth, like Cloudflare Access? Now I can set up access only for Service Account, Tags and some range of IP Addresses. How can it be configured only for specific Gmail users? Screenshot of…