Google App Engine communicate with Compute Engine over internal network

Question

We\'re building an application in the google cloud. We\'re using App Engine as frontend and Compute Engine as backend. On these Compute Engine instances I\'m running a TCP s

Answer 1

There isn't currently a way to setup a private network between GCE and GAE. Limiting to google's IP range isn't secure since anyone on GAE or GCE could connect to your server. So I recommend that you authenticate incoming connections at your TCP server to verify the connection is coming from your GAE instances.

Answer 2

As of now In 2016 as google cloud has launched google cloud flexible environment appengine/docs/flexible/. So yes it is possible now because now both app engine and compute engine are present in same network and therefore using app engine you can access compute engine by using their internal Ip, also remember to delete all external firewall rules for your compute engines if you only want to allow access from app engine.

Answer 3

As of April 9, 2019, you can use the serverless VPC connector to allow your App Engine application to connect to other services on the Google Cloud Platform. I linked to the Python standard environment docs, but this applies to any language on App Engine in either runtime environment.

Answer 4

With App Engine Flexible, you can setup instance_tags and use that to create firewall rules with the appropriate tagging rules. See https://cloud.google.com/appengine/docs/flexible/custom-runtimes/configuring-your-app-with-app-yaml for more information.