I have a Compute Engine instance with an API service running on it. In front of it is a Google Cloud Load Balancer. I do not want this API service exposed to the outside world.
I also have an App Engine Deployment that is behind Identity Aware Proxy. The application needs to be able to hit the API behind the load balancer.
What is the best practice here? What is the best way to enable this traffic and deal with authentication?