Is it possible to provide a public access for a specific endpoint for a service under Identity aware proxy?
I have a service in Google Cloud App engine, which is behind IAP.
It is accessible only to users within my organisation. I need to make a few endpoints of this service accessible for all users. Is it possible to achieve?
I have found an instruction, which says that it is possible, but it also says: The allUsers and allAuthenticatedUsers values are unsupported member types in a conditional role binding. If you specify one of these member types, the setIamPolicy operation will fail.
Which is not clear for me and a bit confusing.
A small example: My service has an url https://google-cloud-app-engine-service.com And I want to make only one endpoint of this service available to everyone: https://google-cloud-app-engine-service.com/public_endpoint.
Thank you!
You can't white list URL path with IAP. The finest grain is the service. I mean, you can activate IAP on AppEngine. Then, for the service that you want you can select it, go to the info panel and add allUsers or allAuthenticatedUsers with the role IAP-secured web app user
You have several alternatives
- Manage the security by yourselves and don't use IAP (which is not a good idea)
- Use Cloud Endpoint in front of your AppEngine. I wrote an article on this for securing with APIKey, but you can change the security definition is you want. The problem is that you have to define all your API in the Cloud Endpoint, and you have an additional component in your stack
- Use 2 services (if possible). Set one public and the other protected by IAP.
- Python Headless Browser for GAE
- No api proxy found for service "memcache" GAE unittest2
- How to get the root directory of my app in google app engine?
- Install a NPM module in docker image and run it with golang app, using Google App Engine flex
- Migrate "App Engine Standard" away from"Container Registry?" (for "Artifact Registry")
- What is the best way to determine the maximum concurrent requests per instance for your App Engine or Cloud Run app?
- Do Google Cloud Task requests count towards concurrent requests in Google App Engine?
- Error migrating Google Cloud Container Registry to Artifact Registry: RESOURCE_EXHAUSTED
- Is it possible to receive email bounce notifications for google app engine - python?
- Google API - Cross platform client credential authentication
- Error during `gcloud app deploy` for GAE app: "Failed to create cloud build: invalid bucket"
- google cloud online glossary creation returning "empty resource name" error
- Hosting multiple customer websites on Google App Engine with Different custom domains pointing to different services
- How to use GAE's dispatch.yaml with multiple development environments?
- GWT - Passing arguments when deploying with google plugin for eclipse
- app.yaml deprecated for java in appengine?
- App Engine: The private key you've selected does not appear to be valid
- Google App Engine: how to send html using send_mail
- How to set a custom version when deploying an app engine application?
- How to flip to previous page with ndb cursors?
- App Engine says "Your runtime version for ruby33 is past End of Support", but it isn't
- Paging in google app engine (GAE)
- Using/Searching AsyncDataProvider with Objectify / Google App Engine
- Objectify paging
- Permissions error fetching application - Gcloud app deploy
- Why is my Python App Engine app using the Translate API getting an error of ImportError: No module named apiclient.discovery?
- Viewing deployed files app engine standard?
- Failing to generate all the header and implementation classed for iOS
- Enable Memcached on App Engine runtime PHP 7.2
- Deploying an Angular app on Google Cloud with minimal costs