Using Google Cloud Identity-Aware Proxy with Compute Engine

Jeffrey S. Levine
Google Cloud - Community
Apr 27, 2022

A big part of what I like about working for Google Cloud is the opportunity to help my customers tackle real-world challenges. One of my customers wanted a better way to manage access to their web platform, for both end-user traffic and management traffic. Enter Google Cloud’s Identity-Aware Proxy (“IAP”) service.

The IAP service enables you to control access to your cloud-based and on-premises applications. You can use IAP to protect web resources such as Google Compute Engine instances running web applications and Google App Engine. Users browsing protected resources must authenticate to gain access. You can also use IAP TCP forwarding to protect TCP resources such as SSH. Users attempting to open TCP sessions must likewise authenticate before being granted access. You can use both of these capabilities together. For example, you may want to restrict access to a web application and also limit SSH access to the web server.
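
The SSH half of that combination, written in Terraform as an added example (not taken from the demonstration repository): the firewall admits port 22 only from the IAP TCP forwarding range, and an IAM binding decides who may open a tunnel to the instance. The variable names, the `web-server` network tag and the resource names are assumptions.

```hcl
# Added example: variables, tag and resource names are assumptions,
# not values from the demonstration repository.
variable "project_id" { type = string }
variable "zone"       { type = string }
variable "network"    { type = string } # VPC network name or self link
variable "instance"   { type = string } # name of the web server VM
variable "ssh_member" { type = string } # e.g. "group:web-admins@example.com"

# Admit SSH only from the IAP TCP forwarding range, never from 0.0.0.0/0.
resource "google_compute_firewall" "allow_ssh_from_iap" {
  project       = var.project_id
  name          = "allow-ssh-from-iap"
  network       = var.network
  direction     = "INGRESS"
  source_ranges = ["35.235.240.0/20"] # Google's published IAP TCP forwarding range
  target_tags   = ["web-server"]      # assumed network tag on the VM

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}

# Only this principal may open an IAP tunnel, and only to this one instance.
resource "google_iap_tunnel_instance_iam_member" "ssh_access" {
  project  = var.project_id
  zone     = var.zone
  instance = var.instance
  role     = "roles/iap.tunnelResourceAccessor"
  member   = var.ssh_member
}
```

With these two resources in place, an authorized user connects with `gcloud compute ssh` and the `--tunnel-through-iap` flag, and the VM does not need an external IP address for SSH.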

I created a demonstration to show how IAP works with both the web and TCP flows. You will build an environment with Terraform and run some tests. You will then examine the configurations of the resources using the Google Cloud console.

Here’s what you’ll build.

Figure 1 — Demonstration Environment

Sound interesting? Go to the repository to learn more. Happy building!


I am a Customer Engineer for Google. I help organizations evaluate and adopt Google Cloud. These articles reflect my views and not those of my employer.