This demo is based on the official Google quickstart for API Gateway fronting an App Engine instance. Lovingly repurposed from Google with <3 for the benefit of all.
The example app is a Node-based web server (Fastify) that responds to the root /
and hello
. Hello will be used in the API specification (api-spec.yaml
).
- You have a GCP account
- You are logged in through your environment
- You have set your variables as needed in
setup.sh
- Run
deploy-app.sh
to deploy your basic demo application to App Engine - Set
x-google-backend.address
inapi-spec.yaml
to your App Engine URL (looks similar tohttps://{PROJECT_ID}.ew.r.appspot.com
) - Refer to https://cloud.google.com/iap/docs/app-engine-quickstart#enabling_iap for how to enable IAP. Copy the IAP client ID and set it in
x-google-backend.address.jwt_audience
inapi-spec.yaml
. - Go to IAP and set up your consent screen if it's not done above. You will most likely use the "External" option. Add a few users (like yourself) that should be granted access. Enable IAP for the App Engine web service.
- Run
setup.sh
to login, update yourgcloud
CLI tool and enable required APIs - Visit the application URL. Any requests from an accepted user should go through and the rest should be blocked.