In this lab, you will be securing your application using Cloud Identity Aware Proxy. You will first create a simple Python application that you will deploy on the App Engine and then you will enable Cloud IAP to create a Central Authorization Layer.
Cloud IAP establishes a central authorization layer for an application accessed on a browser. IAP has resolved problems like direct endpoint access. To avoid such cases, IAP is used. When users try to access the endpoint URL, a prompt will appear for Google Sign In, if you are in the allowed member list, you will be able to access otherwise you will get an access denied error.
It is done at the application layer. If your application is on-premise, IAP Connector can be used.
Upon completion of this lab you will be able to:
This lab is intended for:
You should possess:
May 14th, 2025 - Updated lab environment. Updated screenshots and instructions to reflect the latest UI
June 13th, 2024 - Resolved IAM permission issue
May 16th, 2024 - Updated Python version
March 10th, 2023 - Updated the command for outputting the URL for the web application