Reputation: 11
GCP anonymous calls to API
I´m startig with GCP now and I have started a new vm in the compute instance in the cloud. When I go to the API & Services and then the metrics in the compute engine, although I have created an OAuth2 and API key to avoid others to call my project using this API, I don´t know how to block anonymous calls and if they are legitimate.
Is there a way to stop all calls but the just strictly required? GCP API metrics view
Upvotes: 0
Views: 245
Answers (1)
Reputation: 76063
In front of your VM you can plug (Identity Aware Proxy (IAP)](https://cloud.google.com/iap/docs) to allow access only to people authenticated.
If you want to manage your authentication with API Keys, you can plug Cloud Endpoint in front of your IAP for translating the API Keys validation to IAP Call. I wrote an article on this. In this article, the AppEngine case is the same because AppEngine can be also protected by IAP.
Upvotes: 1
Related Questions
- I can't get google cloud functions gen 2 to work with only authorized requests from behind a API Gateway
- How do I avoid people being able to access my GCP function when NOT using a Gateway and API?
- API keys when API calls contain sensitive data
- Securing Cloud Function Using API Gateway
- Authenticate Google Cloud Function Call outside GCP Environment
- Authorizing REST API calls to GCP
- Authorization in Google Cloud Endpoints for external clients
- GCP Endpoint "Try this API" authorization URL
- How to protect my http-triggered GCP Function with oauth/jwt?
- how to manage/design API access on GCP?