Question
I'm a noob in GCP and need some recommendations about how roles and security work in the platform.
I have GCP AppEngine project with several services. Some services need to communicate with other services using HTTP requests.
I want to restrict access to some services and I'm not sure how I can do it. Do I need to create new roles for each restricted service? How can I authenticate/authorize the caller of the service (OAuth2, API key...)?
I've tried to dive into the GCP docs, but the documentation is a bit generic.
Thanks
Answer 1:
I do this in a very simple way. I have a secret key that each service knows about. When one service calls another service, the requesting service includes the secret key and the responding service checks to make sure it is the right key.
I believe there are also ways to make sure that the requesting service is coming from an app engine server. I think there are headers that Google only allows for requests from within app engine. This would give you an extra layer of security.
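An added example (not the answerer's code) of the shared-secret check described above, written in Python with only the standard library. The header name and the key value are constructed for illustration; the comparison is constant-time so a wrong key cannot be narrowed down byte by byte through response timing.

```python
import hmac
import os

# Constructed header name; the real secret should come from an environment
# variable or a secret manager rather than being hard-coded in the service.
SERVICE_KEY_HEADER = "X-Service-Key"
EXPECTED_KEY = os.environ.get("SERVICE_KEY", "constructed-example-secret")


def build_outbound_headers(secret: str) -> dict:
    """Headers the requesting service attaches to an internal call."""
    return {SERVICE_KEY_HEADER: secret}


def is_authorized(headers: dict, expected: str) -> bool:
    """Responding-service check of the shared key.

    Header names are matched case-insensitively, and hmac.compare_digest
    is used so that the time taken does not depend on how many leading
    characters of a wrong key happened to match.
    """
    lookup = {name.lower(): value for name, value in headers.items()}
    presented = lookup.get(SERVICE_KEY_HEADER.lower())
    if not presented:
        return False
    return hmac.compare_digest(presented.encode("utf-8"), expected.encode("utf-8"))


def handle_internal_request(headers: dict, expected: str = EXPECTED_KEY):
    """Minimal handler: reject with 401 unless the shared key checks out."""
    if not is_authorized(headers, expected):
        return 401, "unauthorized"
    return 200, "ok"


if __name__ == "__main__":
    # Constructed call from one service to another using the same key.
    print(handle_internal_request(build_outbound_headers(EXPECTED_KEY)))
    # A request without the key, e.g. from outside, is refused.
    print(handle_internal_request({}))
```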
Source: https://stackoverflow.com/questions/61819119/securing-communication-between-services