This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Secure website with Identity Aware Proxy ( iap)

Posted on 07-02-2023 02:50 AM
jameslast
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello All,

I'm looking at securing some websites hosted on Google Cloud ( Wordpress sites ) with IAP.

Looking at the documentation, the examples seem to use App Engine and not Compute Engine.

So my question is: for my use case ( website/Wordpress ) ; do I need to put the vm behind https load balancer for

IAP to work?

Many thanks, greetings, J.

 

 

Solved Solved
2 6 1,982
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
DamianS
Gold 2
Gold 2
In response to jameslast
Reply posted on --/--/---- --:-- AM

Hi,

Yes. To be able to use IAP, you must configure LB. With AppEngine / Cloud Run is easier , both have LB by default. 

cheers,
DamianS

View solution in original post

Jump to Solution
6 REPLIES 6

Posted on --/--/---- --:-- AM
jameslast
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello,

since there is no input on my question, I guess I will go with the documentation:

https://cloud.google.com/beyondcorp-enterprise/docs/securing-compute-engine

and I'm afraid that according to the docs a load balancer is indeed necessary.

Greetings, J.

 

Jump to Solution

Posted on --/--/---- --:-- AM
DamianS
Gold 2
Gold 2
In response to jameslast
Reply posted on --/--/---- --:-- AM

Hi,

Yes. To be able to use IAP, you must configure LB. With AppEngine / Cloud Run is easier , both have LB by default. 

cheers,
DamianS

Jump to Solution

Posted on --/--/---- --:-- AM
jameslast
Bronze 1
Bronze 1
In response to DamianS
Reply posted on --/--/---- --:-- AM

Damian,

thank you, this info helps me a lot. I can't help but thinking though, that in the demo they make it look so easy. Iap is just a few clicks. But if on Compute Engine https lb is necessary, it becomes a lot more complex.

Greetings, J.

 

 

Jump to Solution

Posted on --/--/---- --:-- AM
DamianS
Gold 2
Gold 2
In response to jameslast
Reply posted on --/--/---- --:-- AM

Indeed,
however you can run wordpress at Cloud Run, then set up integration ( it will automatically set up DNS, LB etc), and at finish enable IAP. 

https://medium.com/@peterkracik/running-wordpress-website-on-google-cloud-run-simple-and-cheap-fa19b...

cheers,
DamianS

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dhirajpal
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Is it possible to integrate IAP with apigee proxy api ?.These reason i want is because i want only user that is authenticated in gcp should be able to hit a specific apigee proxy api and if he is not he should be rejected.do we have any way of doing this 

Jump to Solution

Posted on --/--/---- --:-- AM
dhirajpal
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi KamelOUALI  you liked the comment ,do you mean it is possible ?.can you also list steps of achieving it ?.Thanks

Jump to Solution
Top Labels in this Space
Top Solution Authors
View all