Reputation: 16935
Serve content from a Google Cloud Storage bucket using Identity-Aware Proxy (IAP)
I have some content in a GCS bucket:
$ gsutil ls gs://my-bucket
index.html
I'd like to serve this behind OAuth using Identity-Aware Proxy (IAP). I'm following these instructions.
I've created a load balancer and and "backend bucket" like so:
On the Identity-Aware Proxy page, however, I do not see my load balancer listed:
Is it possible to use IAP with a backend bucket?
Upvotes: 19
Views: 6181
Answers (2)
Reputation: 71
I have added a couple of changes to gcs-proxy.
so basically you can put it in cloudrun behind GLB with Identity-Aware Proxy (IAP) and serve static sites from private GCS.
here is the fork https://github.com/mike-sirs/gcsproxy.
Upvotes: 0
Reputation: 9721
This isn't supported at the moment. The policy is applied per backend, not for the load balancer as a whole (so for example, yoursite.com/admin can be more restricted than yoursite.com/public). However only backend services (ie GCE/GKE) are supported, but not backend buckets.
There is an open feature request for backend bucket IAP support.
Upvotes: 15
Related Questions
- How to make a google storage bucket a public website or a load balancer back end when there is an org policy of "public access prevention"
- Google Cloud Identity Aware Proxy over Corporate Proxy
- Create bucket for public access with service account
- Identity Aware Proxy(IAP) in GCP
- Providing Credentials to Google Cloud Storage API
- Making a Cloud Storage bucket accessible only by a certain service account
- Identity Aware Proxy(IAP) for Google Cloud endpoints OpenAPI
- How to properly authorize request to Google Cloud Storage API?
- Access to cloud storage from client URL
- Google Cloud Platform Bucket: serving content with custom domain over https