Rapid API and GCloud Run integration. Firewall setup

Question

I am trying to set up access for Rapid API to my API deployed using Google Cloud Run.

Found article on how to control access: https://rapidapi.com/blog/add-authentication-and-billing-for-your-api-on-google-cloud-platform-tutorial/ The idea is clear, but repeating the steps above does not solve the problem.

I made a firewall rule in the default vpc network and added all the ip addresses specified in this article, but when try to contact to my gcp endpoint, I still get an restricted access error with a status code of 403.

I also tried to invoke container run from my server with static ip after adding it too but got same error message forbidden 403, so the problem seem to be exactly with firewall setup for ingress traffic.

In google cloud, for my cloud run container i specified option Allow internal traffic and traffic from Cloud Load Balancing for Ingress traffic, and for Authentication - Allow unauthenticated invocations.

Answer 1

Ay,

A little late but from what I understand we can :

• use the Rapid API header (X-RapidAPI-Proxy-Secret) to validate that the call is from RapidAPI (https://docs.rapidapi.com/docs/firewall-ip-security#firewall-settings) from our Cloud Run instance
• implement an IP restriction (https://docs.rapidapi.com/docs/firewall-ip-security#list-of-ip-addresses-used-by-rapidapi) at the Cloud Run level by setting our Cloud Run instance (https://cloud.google.com/run/docs/securing/ingress#settings) to accept only requests coming from a Google load balancer (c.f : "Internal and Cloud Load Balancing"). It will then be possible to attach IP restriction rules to the load balancer through Cloud Armor I think.