Chr*_*row 5 google-app-engine firewall firebase google-cloud-platform firebase-hosting
I need to set up security in a Google Cloud project, so that App Engine apps can only be accessed internally by other App Engine apps in the project. I also need to allow a Firebase hosted app to access App Engine apps.
Allowing access to all App Engine apps in my project is easy. I just add an App Engine Firewall rule to allow the following IP address:
0.1.0.40
If I then set the default Firewall rule to deny (i.e. to prevent access to anything that doesn't connect using 0.1.0.40), it prevents all access to our Firebase hosted app, that needs to use our Endpoints API that runs under App Engine. In other words, the Firebase hosted app doesn't connect using the IP address 0.1.0.40. I can't specify the domain name of the Firebase app in the App Engine Firewall, as it only accepts IP addresses.
How can I allow access to the Firebase app? What techniques should I be looking at to achieve what I need?
UPDATE
I looked at the suggestion from @John Hanley, to use Internet Aware Proxy (IAP). This blocks access to AppEngine apps from any external domains, except for the appspot.com domain for my GCP project. I looked at this IAP FAQ that has a section on 'How do I access my app from more URLs?'. I added the domain that my Firebase app is on, however the access is still blocked. How can I access the Firebase app URL using IAP?
| 归档时间: |
|
| 查看次数: |
242 次 |
| 最近记录: |