Identity Aware Proxy (IAP) for a URL - Google app engine

Question

We have two projects -

Project 1 - Google App engine standard python 2.7. Project 2 - Google Appp engine standard python 3.3

Project 1 application is secured using Firebase user authentication. We have a need to access a particular function (URL) of Project 1 accessing from Project 2. The call from Project 2 will be done by the server (not user). We need this to be secure.

Can we enable just this function (URL) in Project 1 with IAP? And use the instructions here to authenticate?

It the above is not a solution, what are our options?

Juan David Ramirez Villegas Juan David Ramirez Villegas · Accepted Answer · 2020-09-25T17:40:24

Yes, the link you provide exposes proper solutions. Although, I believe the best one is to use a Service Account for Project 2 that allows access to Project 1 resource (Use the proper Cloud Function role).

Include the Service Account credentials in Project 2 and use the proper library to call the service using the Service account credentials. Learn how to create a Service account credential here

Identity Aware Proxy (IAP) for a URL - Google app engine

1 Answers