Restricting web api deployed in App Engine Flex from outside

0
votes

I have a web api that's been deployed on google cloud's app engine flex. The primary function of this service is to call another service (within the same google cloud project) every 4 hours via google cloud scheduler.

Since this service is purely automated, I'd like to restrict anybody from being able to hit it's endpoint externally. I know that public IP addresses can be removed from VM instances in Compute Engine, but how do I do that in GAE?

1
google-app-enginegoogle-cloud-platformapp-engine-flexible

1 Answers

0
votes

You can restrict the access to you App Engine Flex application using firewall rules. Here you have the documentation for controlling the access to your application using Firewall Rules.

Another option is enabaling IAP ( Identity-Aware Proxy ). Afterwards you will need to configure your another service to be able to connect through IAP and nobody else will have access to your app.