Reputation: 125
How to secure connection between different GAEs?
For some reason I need to create two GAEs with project A and B:
- A(flex env) is a proxy server bounded with Endpoint and restrict access with API key.
- B(standard env) is real server which does real jobs.(B cannot apply Endpoint framework)
- Client only awares proxy server address and send all requests to A
Now I would like to secure connection between A and B. In other words, B is only accessible from A. Is there any way to achieve it? (Firewall not work here because GAE has not static IP range.)
Upvotes: 1
Views: 178
Answers (1)
Reputation: 1793
If you want to determine the identity of the App Engine app that is making a request to your App Engine app, you can use the request header X-Appengine-Inbound-Appid. This header is added to the request by the URLFetch service and is not user modifiable, so it safely indicates the requesting application's ID, if present.
In your application handler, you can check the incoming ID by reading the X-Appengine-Inbound-Appid header and comparing it to a list of IDs allowed to make requests.
Note: The X-Appengine-Inbound-Appid header is only set if the call is made to the appspot.com domain. If the app has a custom domain, this header will not be set.
This should work the same for all App Engine standard environments.
Upvotes: 1
Related Questions
- GCP API Gateway to secure internal/external communication for API deployed on App Engine
- Authenticated calls between Google App Engine services
- How to provide credentials and other secrets in Google App Engine?
- connect Google App Engine and Google Compute Engine
- How to establish a private connection between Google app engine and compute engine?
- Mutual SSL authentication on Google App Engine
- Communication methods between two GAE services in the same project
- Google App Engine: secure inter-app communication
- Security between Google App Engine projects
- How to securely establish communication between two apps built on google app engine?