I’m using dialogflow messenger through integration and it’s working well. Now I wonder if there is a way to allow to access to my dialogflow agent from specific ip address. I built agent aimed to my company’s service desk so I don’t want anyone to access from outside.
It is possible to access the Dialogflow Agent from a specific IP address.
To access your Dialogflow Agent by using a specific IP address you can set up a VPC connection and add Firewall rules.
You can set the VPC to Auto mode or Custom mode depending upon your requirements.
You have to create the Ingress Firewall rules where you need to specify your source IP address from which this Dialogflow Agent will be accessed and give the necessary port numbers.
You need to integrate your Dialogflow Agent in a website and deploy it through a Compute Engine instance. For deploying in a Compute Engine instance you can follow the below mentioned steps.
echo '<!doctype html><html><body>
<script src="https://www.gstatic.com/dialogflow-console/fast/messenger/bootstrap.js?v=1"></script>
<df-messenger
chat-title="messenger"
agent-id=”your agent id"
language-code="en"
></df-messenger>
</body></html>' | sudo tee /var/www/html/index.html
Since we are using VPC and have set firewall rules, only those VM’s whose IP addresses are given in Ingress firewall rules can access the messenger. No one else from other networks will be able to use it.
Unfortunately we cannot restrict the IP address using IAM roles. However using IAM we can add roles to IAM policies for granting and changing access to users on the VMs.