google-app-engine, google-cloud-platform, app-engine-flexible

Is there a way to deploy internal facing applications in Google App Engine?


Is there a way to deploy "internal facing" applications in Google App Engine? AWS offers this capability as explained here and so does Azure as explained here.

What is the GCP equivalent for this? It appears App Engine Flexible Environment could be the answer, but I could not find clear documentation on whether Flexible Environment is indeed the way to host intranet-facing applications. Is there someone from GCP who can advise?

Update

I tested the solution recommended by Dan recently. Listed below are my observations:

  • App Engine Flex allows deploying to a VPC and this allows VPN scenarios. The VPN scenarios, however, are for connections (originating) from App Engine to GCP VPCs or to other networks outside GCP, which can be on-prem or in another cloud.
  • Access (destined) to the app itself from a GCP or another network is always routed via the internet-facing public IPs. There is no option to access the app at a private IP at the moment.

If there's another update, I will update it here.

Update 28Oct2021

Google has now launched Serverless Network Endpoint Groups (NEGs). With this, users can connect App Engine, Cloud Run & Cloud Function endpoints to a load balancer. However, at the moment, you can only use Serverless NEGs with an external HTTP(S) load balancer. You cannot use serverless NEGs with regional external HTTP(S) load balancers or with any other load balancer types. Google documentation for Serverless NEGs is available here.


Solution

  • It should be possible with the GAE flexible environment. From Advanced network configuration:

    You can segment your Compute Engine network into subnetworks. This allows you to enable VPN scenarios, such as accessing databases within your corporate network.

    To enable subnetworks for your App Engine application:

    1. Create a custom subnet network.

    2. Add the network name and subnetwork name to your app.yaml file, as specified above.

    3. To establish a VPN, create a gateway and a tunnel for a custom subnet network.

    The standard env GAE doesn't offer access to the networking layer to achieve such a goal.
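
Step 2 of the quoted procedure, shown as an added configuration example (not part of the original answer or of Google's documentation). The network, subnetwork and tag names are constructed placeholders, and the runtime line is an assumption.

```yaml
# app.yaml fragment for the App Engine flexible environment.
# intranet-vpc and intranet-subnet-us are constructed placeholder names
# for the custom subnet network created in step 1.
runtime: python   # assumption: any flexible-environment runtime works here
env: flex

network:
  name: intranet-vpc                   # custom-mode VPC network
  subnetwork_name: intranet-subnet-us  # subnet in the same region as the app
  instance_tag: gae-flex-intranet      # constructed tag; lets VPC firewall rules target these instances
```

These settings decide which VPC the flexible instances sit in and therefore what they can reach over the VPN tunnel from step 3. As the asker's test in the question records, requests destined to the app itself still arrive at its public address.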