Google App Engine Firewall: Restrict access to all services but the default one

I have a GAE project (flexible) consisting of 1 default and 2 subservices:

  • foo.appspot.com
  • service1.foo.appspot.com
  • service2.foo.appspot.com

Now I want to use foo.appspot.com as an API proxy & auth gateway to the internal services service1 and service2. I wrote the proxy myself and it is working fine.

I am struggling with adjusting the GAE Firewall to forbid incoming world traffic to service1 and service2, because I would like to force an API user to send requests to foo.appspot.com. Traffic to the default service foo should be allowed.

It seems I can just enter IPs in the Firewall settings but not service names. The docs say that it should work but do not show how.

Thanks for the help!

Sebastian asked Mar 15 '18 10:03



1 Answer

The App Engine Flex environment is built on Google Compute Engine and consequently supports the Virtual Private Cloud networking system. With VPC networks, you can configure firewall rules that use instance tags to determine the target or source component of a firewall rule. Hence, you simply have to configure the app.yaml files of the target service/version to use the appropriate instance tags.

oakinlaja answered Oct 21 '22 03:10
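The tag-based approach from the answer, worked through as an added example (not code from the question or the answer): each internal service's app.yaml carries an instance tag, and two VPC firewall rules then allow ingress to those instances only from instances carrying the gateway's tag. The tag names, rule names, network and port are assumptions for illustration; it also assumes the gateway reaches the internal services over the VPC, since the rules act on instance-to-instance traffic.

```shell
#!/bin/sh
# Added example: tag App Engine flex services in app.yaml and fence the
# internal ones with VPC firewall rules keyed on those tags.
# Tag names, rule names, network and port below are assumptions.
GCLOUD="${GCLOUD:-gcloud}"    # set GCLOUD=echo to dry-run the commands
NETWORK="${NETWORK:-default}" # VPC network the flex instances live in
APP_PORT="${APP_PORT:-8080}"  # port the flex instances listen on (assumed)

# app.yaml for a service: $1 = service name, $2 = instance tag, $3 = path.
# Every instance of that service/version is created with the given tag.
write_app_yaml() {
  cat > "$3" <<EOF
service: $1
env: flex
network:
  instance_tag: $2
EOF
}

# 1) Higher-priority ALLOW: only instances tagged 'api-gateway' (the
#    default service) may reach instances tagged 'internal-api'.
# 2) Lower-priority DENY: everything else is refused on the app port.
create_firewall_rules() {
  "$GCLOUD" compute firewall-rules create allow-gateway-to-internal \
    --network="$NETWORK" --direction=INGRESS --action=ALLOW \
    --rules="tcp:$APP_PORT" --source-tags=api-gateway \
    --target-tags=internal-api --priority=900
  "$GCLOUD" compute firewall-rules create deny-world-to-internal \
    --network="$NETWORK" --direction=INGRESS --action=DENY \
    --rules="tcp:$APP_PORT" --source-ranges=0.0.0.0/0 \
    --target-tags=internal-api --priority=1000
}

# Check: list every rule that targets the internal tag, so a stray ALLOW
# with a better priority than the deny is visible at a glance.
show_internal_rules() {
  "$GCLOUD" compute firewall-rules list --filter="targetTags:internal-api"
}

# Run with "apply" to write the app.yaml files and create the rules.
if [ "${1:-}" = "apply" ]; then
  write_app_yaml default  api-gateway  default/app.yaml
  write_app_yaml service1 internal-api service1/app.yaml
  write_app_yaml service2 internal-api service2/app.yaml
  create_firewall_rules
  show_internal_rules
fi
```

Deploy each service with its rewritten app.yaml afterwards; tags only apply to instances created after the change.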