Guillermo
Reputation: 947
IAP: Restrict access to admin allowing open access to public website
I have a web application with a www.domain.tld/admin namespace, which I want to have protected with Google IAP.
However, I don't want to restrict access to our public-facing website, at www.domain.tld.
Is there any strategy to leave access fully open to our website, while restricting access to "admin"?
Upvotes: 1
Views: 330
Answers (1)
David
Reputation: 9721
This is possible if you are using GCLB to send the traffic to GCE or GKE:
- Create two different Backend Services in GCLB, called "public_site" and "admin_site." You could even point them to same servers, although it's better security to have them be as separate as possible.
- Set up GCLB with a URLMap that sends /admin to admin_site and everything else to public_site.
- Enable IAP for admin_site only.
This takes advantage of the fact that IAP is enabled/disabled on a per-backend basis.
Upvotes: 1
Related Questions
- IAM condition to restrict access to a managed zone
- GCP - IAM Restrict Delete access for Admin Role
- Access management in web application deployed as App Engine in GCP
- Restricting user access for VM in gcp
- How to restrict public access on Google App Engine static web site?
- Using Cloud IAM to limit access to App Engine in Google Cloud Platform
- Can I restrict access to specific Google Cloud IAP backends?
- How to restrict access to a small user community (IAM users) in GCP / Cloud DNS / HTTPS application
- Forcing password on login with IAP and restrict domain
- How to restrict public access to google app engine flexible environment?