google-app-engine google-cloud-platform app-engine-flexible

Restricting web api deployed in App Engine Flex from outside

I have a web api that's been deployed on google cloud's app engine flex. The primary function of this service is to call another service (within the same google cloud project) every 4 hours via google cloud scheduler.

Since this service is purely automated, I'd like to restrict anybody from being able to hit it's endpoint externally. I know that public IP addresses can be removed from VM instances in Compute Engine, but how do I do that in GAE?

Solution

You can restrict the access to you App Engine Flex application using firewall rules. Here you have the documentation for controlling the access to your application using Firewall Rules.

Another option is enabaling IAP ( Identity-Aware Proxy ). Afterwards you will need to configure your another service to be able to connect through IAP and nobody else will have access to your app.

Datastore export logic in Java
Gunicorn App Isn't Working With GAE (static files work but making a request to the script results in a 503 error code)
Connecting Google App Engine to a Cloud SQL (Prisma) Postgres instance (through Bitbucket CI/CD)
PyCharm logging output colours
Permissions error when deploying to Google App Engine using flexible environment and Dockerfile
Inspecting files on an old Google App Engine app
Google App Engine with load balancer to enforce TLS version, and multiple regions
Find creation date of Google App Engine project
got Validation of viewstate MAC failed when sending post request from google app engine via url fetch service
Visual Studio Code pylint: Unable to import 'protorpc'
How do I get access token inside Node.JS Google Cloud function?
App Engine custom domain with service
Why is Composer not detected by Google's Cloud Build?
How do you start workers in Google App Engine?
MLM downline distribution count
What permission is required for a service account to deploy to Google App Engine using gcloud?
Local MySQLdb connection fails with AttributeError for paramstyle when running GAE development server
How to fix this AttributeError?
Configuring a task queue and instance for non-urgent work
Logs on Google App Engine / Google Cloud Run are appearing incorrectly
ImportError: cannot import name 'tasks_v2' from 'google.cloud' (unknown location) in Python fastapi
Google Cloud Storage - Public object url e super slow updating
FTP to Google Storage
Can't get Datastore composite index to work from App Engine Go
How to append write to google cloud storage file from app engine?
laravel/framework v10.9.0 requires composer-runtime-api ^2.2 -> found composer-runtime-api[2.1.0] on google app engine standard php81 deployment
'createsuperuser' command un known while trying to get started with Djangoappengine
ImportError: No module named cryptography.hazmat.bindings._openssl
remember me option in GAE python
How do you validate a URL with a regular expression in Python?