Tags: python, google-cloud-platform, python-requests, google-cloud-functions, google-vpc

Google Cloud function invoke with http POST - Internal traffic only


I have a Cloud Function (fce_a) that I need to invoke from a different Cloud Function (fce_b), both in the same GCP project and region. When I set fce_a to "Allow all traffic" (in Ingress settings), it works perfectly (using this method). However, when I set fce_a to "Allow internal traffic only" (in Ingress settings), I am getting "Error 403 (Forbidden) 403. That's an error. Access is forbidden. That's all we know." (mentioned here).

I've tried using this method, but it is to be used only for testing purposes and the limits are too restrictive for my use case.

Any idea on how to call a Cloud function from a different Cloud function if the target function has the Ingress settings set to Allow internal traffic only?


Solution

  • Allow internal traffic only allows only requests from VPC networks in the same project or VPC Service Controls perimeter. Since Cloud Functions are actually running outside of your project, your function fce_b can't reach fce_a as-is.

    To allow this use-case, you'll need to use a VPC Connector to connect them to one of your VPC networks in your project (you can use the same VPC connector for both functions since they're in the same region). Your fce_a, set with Allow internal traffic only, will accept traffic coming from that VPC connector. Note that, on your fce_b, you'll need to set Egress settings to match your use case.
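A pre-deployment check for the setup described in the answer, added here as an example (it is not code from the question or the answer). It reads the `ingressSettings`, `vpcConnector` and `vpcConnectorEgressSettings` fields that `gcloud functions describe NAME --format=json` prints for 1st gen functions. The project, region and connector names are constructed placeholders, and the `ALL_TRAFFIC` rule rests on the assumption that fce_b calls fce_a through its normal HTTPS trigger URL, which resolves to a public address.

```python
import json

# Constructed sample input: trimmed `gcloud functions describe` JSON for both functions.
LOC = "projects/example-project/locations/europe-west1"  # placeholder project and region
FCE_A = json.loads('{"name": "%s/functions/fce_a", "ingressSettings": "ALLOW_INTERNAL_ONLY"}' % LOC)
FCE_B = json.loads(
    '{"name": "%s/functions/fce_b", "ingressSettings": "ALLOW_ALL",'
    ' "vpcConnector": "%s/connectors/example-connector",'
    ' "vpcConnectorEgressSettings": "ALL_TRAFFIC"}' % (LOC, LOC)
)


def _project_region(resource_name):
    """Split 'projects/<project>/locations/<region>/...' into (project, region)."""
    parts = resource_name.split("/")
    return parts[1], parts[3]


def check_internal_call(caller, target):
    """Return the reasons a caller -> target request would be refused (empty list = OK)."""
    if target.get("ingressSettings", "ALLOW_ALL") == "ALLOW_ALL":
        return []  # target accepts requests from any network
    problems = []
    caller_project, caller_region = _project_region(caller["name"])
    if caller_project != _project_region(target["name"])[0]:
        problems.append("different projects: only accepted inside one "
                        "VPC Service Controls perimeter")
    connector = caller.get("vpcConnector")
    if not connector:
        # Without a connector the request leaves from Google's network, not your VPC.
        problems.append("caller has no VPC connector")
        return problems
    if _project_region(connector)[1] != caller_region:
        problems.append("VPC connector is not in the caller's region")
    # An unset egress value behaves like PRIVATE_RANGES_ONLY: only traffic to private
    # ranges uses the connector, so a call to the public trigger URL bypasses the VPC.
    if caller.get("vpcConnectorEgressSettings") != "ALL_TRAFFIC":
        problems.append("caller egress is not ALL_TRAFFIC")
    return problems


if __name__ == "__main__":
    print(check_internal_call(FCE_B, FCE_A) or "fce_b -> fce_a: configuration OK")
```

Passing this check only covers the network path; whether fce_a also requires an authenticated caller is a separate IAM setting that the check does not look at.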