Securing services within AppEngine-project

[Fabian Hagen]

How can I secure specific services within my AppEngine project against public access so only other services within the same project can access it?

Firewall rules can not be applied to single services.. Do I have to use this: https://cloud.google.com/solutions/authenticating-web-users

Thanks!

[Katayoon (Cloud Platform Support)]

Hi Fabian,

It depends if you are using standard or flexible environment. 

App engine Flex environment is built on the Google Compute Engine  and consequently, it supports the Virtual Private Cloud networking system. Using the VPC networks, you can configure firewall rules that would use Instance Tags to determine the target or source component in a firewall rule. Hence, you simply have to configure the app.yaml files of the target service/version to use the appropriate instance tags.

For both App Engine Standard and Flexible environments, you may use Cloud IAP.  There is also a feature request on providing firewall rules on a service based level, however there is no ETA for the implementation and you may star the public issue tracker for any update in the future.