
SSH connectivity problems

Ever since creating a VM used for the Google Cloud Translation API, I can no longer SSH to my VM instance. Initially, before setting permissions for the service accounts used with this VM, I could SSH to my instance. But as soon as I made these changes to permissions, SSH stopped working. I have tried everything to fix this: regenerate the key pair, check permissions, check firewall settings in VPC Network, etc. But no joy. Any pointers would be most appreciated. Regards.


Connection via Cloud Identity-Aware Proxy failed

Code: 4003 Reason: failed to connect to backend Please ensure that: - your user account has iap.tunnelInstances.accessViaIAP permission - VM has a firewall rule that allows TCP ingress traffic from the IP range 35.235.240.0/20, port: 22 – you can make a proper https connection to the IAP for TCP hostname: https://tunnel.cloudproxy.app You may be able to connect without using the Cloud Identity-Aware Proxy.


Solved
1 ACCEPTED SOLUTION

Sorry, @legrandtimonier I don't see any attachments.

Please paste your SSH command that you are using to SSH into the machine and the output/error that you see. 


7 REPLIES

Hello legrandtimonier,

Welcome to GCC!

If TCP:22 is already allowed in your firewall with type Ingress, then there is no issue with GCP Firewall, but your next step is also to configure your firewall to allow access through Identity-Aware Proxy (IAP).

If you need to set up your instance with Identity-Aware Proxy (IAP), you may refer to this document Setting up IAP for Compute Engine. But if you already set up your instance, you just need to enable IAP Enabling IAP for Compute Engine.

Hi again Willbin,

I am in the process of adding IAP to my project, but I see certain discrepancies between what it says in the documentation and what I see on my interface, assuming I am in the right place. It says clearly in the documentation:

  1. Next to my-backend-service, toggle the on/off switch in the IAP column.

Well, I see no such message. I do see my VM instance listed, but nothing to toggle. I hope I am not doing something wrong here. I have set up the consent screen, put in a user (me, the principal, at my Gmail address), but that's all. I saw at one point in the documentation that I should be able to send a URL to a person (myself in this case), but I see nowhere to copy it from. Or perhaps when adding IAP one sees different things on the screen? Any tips would be appreciated in what I sense is the last phase before things should work and I can start translating my docs.

@legrandtimonier I think you are getting confused with IAP for SSH forwarding and IAP for web traffic. In this specific case, we are referring to IAP for SSH/TCP forwarding. Please allow traffic from 35.235.240.0/20 on port 22 into your VPC. Also please post the SSH command you are using. Is the VM using an internal IP or external IP or both?
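An added example, not code from this thread or from Google: a small offline Python check that works through the firewall item of the 4003 checklist above. It reads firewall rules in the shape of `gcloud compute firewall-rules list --format=json` (a constructed sample is embedded; the rule names are made up) and reports which enabled INGRESS rules admit TCP 22 from 35.235.240.0/20, and separately which ones expose port 22 to 0.0.0.0/0, a rule that is no longer needed once the IAP tunnel works.

```python
import ipaddress
import json

# Source range used by IAP TCP forwarding, as quoted in the error dialog above.
IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")
ANY_V4 = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`;
# only the fields this check reads are included, and the rule names are invented.
SAMPLE_RULES_JSON = """[
 {"name": "allow-iap-rdp", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["35.235.240.0/20"], "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
 {"name": "allow-iap-ssh-old", "direction": "INGRESS", "disabled": true,
  "sourceRanges": ["35.235.240.0/20"], "allowed": [{"IPProtocol": "tcp", "ports": ["20-30"]}]},
 {"name": "allow-ssh-ingress-from-iap", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["35.235.240.0/20"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]"""

def _covers(source_ranges, needle):
    """True if any source range of the same IP version contains the `needle` network."""
    for s in source_ranges:
        net = ipaddress.ip_network(s, strict=False)
        if net.version == needle.version and needle.subnet_of(net):
            return True
    return False

def _port_match(ports, port):
    """`ports` may be absent (every port of the protocol) or hold "22" / "20-30" strings."""
    if not ports:
        return True
    for spec in ports:
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def rules_admitting(rules, source, port=22):
    """Names of enabled INGRESS rules that allow TCP `port` from the `source` network."""
    hits = []
    for r in rules:
        if r.get("direction") != "INGRESS" or r.get("disabled"):
            continue
        if not _covers(r.get("sourceRanges", []), source):
            continue
        if any(a.get("IPProtocol") in ("tcp", "all") and _port_match(a.get("ports"), port)
               for a in r.get("allowed", [])):
            hits.append(r["name"])
    return hits

def iap_ssh_report(rules_json):
    """Which rules let IAP reach port 22, and which expose port 22 to the whole internet."""
    rules = json.loads(rules_json)
    return {"iap_ssh": rules_admitting(rules, IAP_RANGE),
            "world_ssh": rules_admitting(rules, ANY_V4)}

if __name__ == "__main__":
    print(iap_ssh_report(SAMPLE_RULES_JSON))
```

Feed it the real output of `gcloud compute firewall-rules list --format=json` to see whether the disabled or wrong-port rules in your project are why the tunnel reports 4003. An empty `iap_ssh` list with a non-empty `world_ssh` list means SSH works from the internet but not through IAP, which is the pattern described in this thread.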


Please post the ssh command and the error message here

You are right: I was confusing IAP for SSH forwarding and IAP for Web traffic. Very confused. At one point late at night I actually realized I was getting confused, but I was so confused, and worn out, that I soon forgot I realized this, which caused me to plow ahead and waste even more time. Oh well....

Attached is a screen capture of the results of Troubleshooting that I get after seeing the failed SSH connection message on my screen. Again, a serial connection to my VM instance does work, sort of, apart from the fact that the lines on the screen tend to hop around at irregular intervals, even after I set the baud rate to 9600 in the metadata pane, experimenting with 4800, then setting the rate back to 9600. No improvement whatsoever with the hopping-line syndrome.

I have now moved on to a better way of doing things: using the SDK, so this SSH issue is a bit less concerning perhaps. But what *is* important now is for me to fully understand what sort of authentication needs to happen when running my little javascript translation program with node.js and the Google Cloud Translation (Advanced) API, and to know whether I even need to set up an OAuth consent screen or any other authentication methods apart from the normal .json keys associated with the different service accounts associated with my VM instance.

Any pointers in this area would be appreciated. I'm still pulling G's going up and up on the learning curve.

Regards


Hi again,

I was trying to SSH into my VM instance via the SSH button of the GCP console; I wasn't using a CLI command. I might try, if you think it's worth it, from within the SDK though. But since I can do more or less everything I need to do from the SDK command line, SSH is less of an issue now. What's important now is to fully understand authentication and to know if I really need to have OAuth approval by the security team or if I can move on to the next step of getting my translation program to work. With respect to your request at the outset, I included what would appear to be the positive results of my Troubleshooting request as a .png attachment to my previous email.

Regards

Hi again,

Just after writing you my last message I decided to stop fiddling around with the SSH button in the console and go to my SDK and run the "gcloud compute ssh ..." command from the command line. Now, why I didn't try this earlier is a mystery to me, preferring to knock my head against the wall trying to figure out why Troubleshooting said all was OK, though I was not let in to SSH via the console (the way I had been just after setting up my VM but before creating service accounts and giving the necessary permissions). In any case, thanks for getting back to me initially on this. You helped guide me in the right direction. By the way, I have now removed the OAuth entry, sensing it might not at all be necessary in my scenario, at least as long as there are no other users who need to run my translation program. Regards, Gary