Is possible to secure communication between Google App Engine and Google Compute Engine?

0
votes

I deployed an app with nodejs on Google App Engine and mongodb on Compute Engine. Without security rules, GAE can successfully connect to mongodb, but when I set a security rule which allow to access port 27017 of the VM from the App Engine service account I get timeout request so mongodb is not reachable.

As is not possible to set a static ip to GAE, is there another solution to securing mongodb on Compute Engine?

2
mongodbgoogle-app-enginegoogle-cloud-platformgoogle-compute-engine

2 Answers

0
votes

Check the priority of firewall allow rule and deny rule. Lower numbers have higher priorities. Be sure that the allow firewall rule has a higher priority than other rules that might deny traffic.

0
votes

Yes, at the moment you're not able to set a static external IP on your GAE application.

There's a possible workaround for GAE Flex to solve your issue:

  1. reserve an external static IP
  2. create f1-micro VM instance with reserved external IP address (this likely fits in the Compute Engine free tier)
  3. create a firewall rule to allow connection to MongoDB server from reserved external IP
  4. create a SOCKS proxy by running a ssh client that routes the traffic through created VM similar to this example
  5. configure nodejs application to use SOCKS Proxy
  6. connect to MongoDB server

UPDATE

Also, if you application can run over HTTP proxy you can Squid proxy installed on this VM instead of SOCKS Proxy.