We have a web app hosted in AWS behind a VPC. Due to product boundaries, user management needs to be done in GCP for the web app.
Would IAP be a good choice for a reverse proxy to the web app? At a high level, our requirements are:
* Forward requests for pages that don't require authentication to the web app (ex. reverse-proxy.com/hello --> ex. web-app.com/hello)
* Authenticate requests for pages that require authentication and then forward to the web app
* When forwarding to the web app, attach a unique user id that the web app can use for identifying the user in their own database and for Google Analytics
1) Set up IAP:
-> Create an IAP resource in your GCP project.
-> Configure IAP settings such as OAuth consent screen, OAuth client ID, and access settings for your web app.
2) Configure forwarding rules:
-> Define forwarding rules within IAP to direct requests to your web app hosted in AWS based on URL paths.
3) Implement authentication in your web app:
-> Configure your web app to accept requests only from IAP by validating the identity headers added by IAP.
4) Extract and utilize the unique user ID:
-> Modify your web app to extract the unique user ID from the identity headers added by IAP.
-> Use this unique identifier within your web app for user identification and analytics purposes.
5) Test and deploy:
-> Test the configuration thoroughly to ensure that unauthenticated access, authentication, and user identification work as expected.
-> Deploy the changes to your production environment.