AlexKogan

Reputation: 355

Google cloud functions not accessible from app engine (with ingress controls)

I have an API that I host through Google Cloud. The main entry point for the API is an App Engine instance (standard), which then needs to be able to call various cloud functions to execute its tasks.

To make the cloud functions secure, I want to set the ingress controls to "Allow internal only".

I've deployed the cloud functions and the App Engine in the same region (us-central1), but every time the App Engine instance tries to call a cloud function, it gets a 403 error. I've tried setting up a VPC connector for the App Engine, but that isn't helping.

Here's the app.yaml file:

service: my-test-app

runtime: nodejs10

env_variables:
    STAGE: "dev"

instance_class: F1

vpc_access_connector:
    name: "projects/my-test-project/locations/us-central1/connectors/test-vpc-connector"

The key cloud function configuration is the Ingress Setting. I have it set to Allow internal traffic only. If I set it to Allow all traffic, everything works (just highly insecure!)

Any suggestions on what I might be missing?

Upvotes: 1

Views: 286

Answers (1)

AlexKogan

Reputation: 355

I found the solution! If I set the App Engine to a flex environment, everything works. It looks like the standard environment was the issue.

Upvotes: 1
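The change described in this answer, written out as an app.yaml for the flexible environment. This is an added example, not the poster's file: it reuses the service name and environment variable from the question, and the `network` name and the scaling value are assumptions.

```yaml
# Added example (not from the original post): the question's app.yaml
# adapted to the App Engine flexible environment.
service: my-test-app

# Flex uses the generic runtime name plus "env: flex" instead of "nodejs10".
runtime: nodejs
env: flex

env_variables:
  STAGE: "dev"

# The standard-environment keys instance_class and vpc_access_connector from
# the question are omitted: flex instances are Compute Engine VMs attached
# directly to a VPC network in the project, so their calls to a function with
# ingress set to "Allow internal traffic only" originate from that network.
network:
  name: default        # assumption: the project's default VPC network

# Assumption: a single instance, to keep a dev deployment small.
manual_scaling:
  instances: 1
```

Keep the function's ingress setting at "Allow internal traffic only" after switching; the 403 from the question is what a caller outside the project's VPC network should continue to receive.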
