Is it possible to put more fine-grained access control on AppEngine services using Google Cloud IAP (Identity Aware Proxy)?
I have two services A and B, I want some users to be able to access A, and I would like to provide a different list of users who can access service B. I'd like to use IAP to control access.
This is available now.
For each service configured for IAP, you can add and allow specific users to each resource or a selection of resources in the Info Panel.
Role: Cloud IAP > IAP-Secured Web App User
What is not available is enabling/disabling IAP per service.
Unfortunately, once IAP is enabled for App Engine, it is enabled for all App Engine services, and you are therefore unable to have one public App Engine service and one IAP-fronted App Engine service.
Whereas IAP can be controlled per HTTPS load balancer.
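The per-service grant described above can also be made from the command line. This is an added example, not part of the original answers; the service names `service-a` and `service-b`, the member addresses and the project ID argument are constructed placeholders.

```shell
#!/bin/sh
# Added example: per-service IAP grants for App Engine via the gcloud CLI.
# Service names and member addresses below are constructed placeholders.

# roles/iap.httpsResourceAccessor is the "IAP-Secured Web App User" role.
IAP_ROLE="roles/iap.httpsResourceAccessor"

# grant_iap_service_access PROJECT SERVICE MEMBER...
# Binds each member to the role on one App Engine service only.
grant_iap_service_access() {
  gi_project="$1"; gi_service="$2"; shift 2
  for gi_member in "$@"; do
    gcloud iap web add-iam-policy-binding \
      --project="$gi_project" \
      --resource-type=app-engine \
      --service="$gi_service" \
      --member="$gi_member" \
      --role="$IAP_ROLE" || return 1
  done
}

# show_iap_service_policy PROJECT SERVICE
# Prints the IAM policy attached to one service so the bindings can be reviewed.
show_iap_service_policy() {
  gcloud iap web get-iam-policy \
    --project="$1" \
    --resource-type=app-engine \
    --service="$2"
}

# Run as: sh iap-grants.sh PROJECT_ID (does nothing without an argument).
if [ "$#" -eq 1 ]; then
  # Different user lists for the two services.
  grant_iap_service_access "$1" service-a \
    user:alice@example.com group:team-a@example.com
  grant_iap_service_access "$1" service-b \
    user:bob@example.com
  show_iap_service_policy "$1" service-a
  show_iap_service_policy "$1" service-b
fi
```

A member who already holds this role at the project or App Engine application level inherits access to every service, so review those levels as well when separating the two user lists.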