I have an API that I host through Google Cloud. The main entry point for the API is an App Engine instance (standard), which then needs to be able to call various cloud functions to execute its tasks.
To make the cloud functions secure, I want to set the ingress controls to "Allow internal only".
I've deployed the cloud functions and the App Engine in the same region (us-central1), but every time the App Engine instance tries to call a cloud function, it gets a 403 error. I've tried setting up a VPC connector for the App Engine, but that isn't helping.
Here's the app.yaml file:
```yaml
service: my-test-app
runtime: nodejs10
env_variables:
  STAGE: "dev"
instance_class: F1
vpc_access_connector:
  name: "projects/my-test-project/locations/us-central1/connectors/test-vpc-connector"
```
The key cloud function configuration is the Ingress Setting. I have it set to "Allow internal traffic only". If I set it to "Allow all traffic", everything works (just highly insecure!).
Any suggestions on what I might be missing?