I have some content in a GCS bucket:
$ gsutil ls gs://my-bucket
index.html
I'd like to serve this behind OAuth using Identity-Aware Proxy (IAP). I'm following these instructions.
I've created a load balancer and a "backend bucket" like so:
On the Identity-Aware Proxy page, however, I do not see my load balancer listed:
Is it possible to use IAP with a backend bucket?
What is Identity-Aware Proxy? Identity-Aware Proxy (IAP) is a Google Cloud Platform service that intercepts web requests sent to your application, authenticates the user making the request using the Google Identity Service, and only lets the requests through if they come from a user you authorize.
How IAP for on-premises apps works. When a request is sent to an app hosted on Google Cloud, IAP authenticates and authorizes the user requests. It then grants the user access to the Google Cloud app. When a request is sent to an on-premises app, IAP authenticates and authorizes the user request.
This page describes the basic concepts of Identity-Aware Proxy (IAP), a Google Cloud global service. IAP lets you establish a central authorization layer for applications accessed by HTTPS, so you can use an application-level access control model instead of relying on network-level firewalls.
This isn't supported at the moment. The policy is applied per backend, not for the load balancer as a whole (so, for example, yoursite.com/admin can be more restricted than yoursite.com/public). However, only backend services (i.e. GCE/GKE) are supported, not backend buckets.
There is an open feature request for backend bucket IAP support.