Using Cloud IAM to limit access to App Engine in Google Cloud Platform

1
votes

I have an app running on google cloud platform. I have access to lists of people (in my organisation) through Cloud IAM. I only want my app engine app to be accessible to some of these lists with them having to log on with their Google Account before being allowed in to the site (is this how Cloud IAM permissions work or is this single service sign-on?).

What kind of rules or roles do I need to set just to allow groups or lists to see and use an application?

In cloud IAM i see these potential roles related to app engine.

enter image description here

The 'App Engine Viewer' role has this description: "Ability to view App Engine app status.". Is this what I want?

1
google-app-enginegoogle-cloud-platformgoogle-iamgoogle-cloud-iam

1 Answers

1
votes

You need to use Cloud IAP to limit users authentication to your AppEngine application.

Roles you mentioned (as AppEngine Viewer...) permits you to limit administration rights on your app: to only publish a new version, or only browse informations about your app deployment.

You can start easily with IAP with this good and official tutorial.