GAE Whitelist IP VPC tied to App Engine secondary instance not working firewall


I read this article: How to properly configure VPC firewall for App Engine instances? It was a huge help in getting the firewall set up in the first place, so for those who have found this and are struggling with that, follow along. https://cloud.google.com/appengine/docs/flexible/python/using-shared-vpc is a good reference, as there are some accounts that need permissions "added" to make the magic happen.

My issue: I have two containerized services running in App Engine, one default (website) and one API. I've configured the API to run in a VPC/subnet separate from the default one that was created. I have not made any changes to the firewall settings directly hanging off the App Engine settings, as those are global and do not let you target a specific instance, and the website needs to remain public while the API should require whitelisted access.

dispatch.yaml for configuring subdomain mapping:

dispatch:
  - url: "www.example.com/*"
    service: default

  - url: "api.example.com/*"
    service: api

API yaml settings:

network:
  name: projects/mycool-12345-project/global/networks/apis
  subnetwork_name: apis
  instance_tag: myapi

Create a VPC network:

  name - apis
  subnet name - apis
  creation mode - automatic
  routing mode - regional
  dns policy - none
  max MTU - 1460

Add firewall rules:

  allow 130.211.0.0/22, 35.191.0.0/16   port 10402,8443   tag aef-instance  priority 1000
  deny 0.0.0.0/0                        port 8443         tag myapi         priority 900
  allow 130.211.0.0/22, 35.191.0.0/16   port 8443         tag myapi         priority 800

This works, but I cannot specify the "whitelist IP".

If I do the following and disable the "allow 130/35 networks, port 8443, priority 800" rule:

  allow my.ip.number.ihave   port 8443     tag myapi     priority 800

it never trips this rule; it never recognizes my IP.

What change is needed? How do you configure the firewall in the VPC so it receives the public IP? When I reviewed the logs, it said it denied my request because my IP address was 35.x.x.x.

1 answer


I would recommend contacting GCP support in that case. If I'm not wrong, you can whitelist IP addresses directly at the App Engine level, but it's not a standard procedure.
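The log line in the question (request denied because the source was 35.x.x.x) is the mechanism behind the failure: a Flex instance behind the Google HTTPS load balancer only ever sees the proxy's address as the TCP peer, which is exactly why the working rule set allows 130.211.0.0/22 and 35.191.0.0/16 rather than any client address. A VPC rule keyed on the client's public IP therefore has nothing to match. The added example below (my own code, not the poster's, the answerer's, or Google's) shows the alternative of enforcing the per-service allowlist inside the api service itself: it recovers the original client from X-Forwarded-For, but only when the peer really is a Google front end, and it reads the second-to-last hop so that a client-supplied leading entry cannot spoof its way past the list. Assumptions: the load balancer appends "<client-ip>, <lb-ip>" to X-Forwarded-For; the allowlist networks, request headers and IPs are constructed sample data.

```python
import ipaddress
from typing import Iterable, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Source ranges the question's VPC rules allow: Google front ends / the HTTPS
# load balancer proxies. These are the only peers a Flex instance ever sees,
# which is why a VPC rule on the client's own IP never matches.
GFE_RANGES = [
    ipaddress.ip_network("130.211.0.0/22"),
    ipaddress.ip_network("35.191.0.0/16"),
]

# Hypothetical client allowlist for the api service (constructed sample data).
API_ALLOWLIST = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.42/32"),
]


def in_ranges(ip: str, ranges: Iterable[Network]) -> bool:
    """True if ip parses and falls inside any of the given networks."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return False
    return any(addr in net for net in ranges)


def original_client_ip(remote_addr: str, x_forwarded_for: Optional[str]) -> Optional[str]:
    """Recover the real client behind the Google load balancer, or None.

    Assumption: the load balancer appends "<client-ip>, <lb-ip>" to any
    X-Forwarded-For the client sent, so the second-to-last entry is the client
    as Google saw it and everything before it is untrusted client input.
    The header is only trusted when the TCP peer is a Google front end;
    a direct caller could otherwise forge it.
    """
    if not in_ranges(remote_addr, GFE_RANGES):
        return None
    if not x_forwarded_for:
        return None
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    if len(hops) < 2:
        return None  # LB always contributes two entries; anything less is malformed
    candidate = hops[-2]
    try:
        ipaddress.ip_address(candidate)
    except ValueError:
        return None
    return candidate


def api_request_allowed(
    remote_addr: str,
    x_forwarded_for: Optional[str],
    allowlist: Iterable[Network] = API_ALLOWLIST,
) -> bool:
    """Allowlist decision the api service would make per request."""
    client = original_client_ip(remote_addr, x_forwarded_for)
    return client is not None and in_ranges(client, allowlist)


if __name__ == "__main__":
    # Constructed sample requests: (peer address, X-Forwarded-For header).
    samples = [
        ("35.191.10.20", "203.0.113.7, 34.120.0.5"),                # allowlisted client
        ("35.191.10.20", "192.0.2.1, 34.120.0.5"),                  # not on the list
        ("35.191.10.20", "198.51.100.42, 192.0.2.1, 34.120.0.5"),   # spoofed leading entry
        ("198.51.100.9", "203.0.113.7, 34.120.0.5"),                # peer is not a GFE
    ]
    for peer, xff in samples:
        print(
            f"peer={peer:14} vpc-rule-on-client-ip-matches={in_ranges(peer, API_ALLOWLIST)!s:5} "
            f"client={original_client_ip(peer, xff)!s:14} allowed={api_request_allowed(peer, xff)}"
        )
```

The first column of the demo output makes the question's point explicit: evaluated against the peer address, the way a VPC firewall rule would, an allowlist of client IPs never matches, because the peer is always inside GFE_RANGES. The check has to be made against the recovered client address instead, and it must stay tied to the peer being a Google front end, or the X-Forwarded-For header becomes an attacker-controlled input.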