I am running my server on Google App engine
where i am using nodejs
and i have all other services like mongoDB, Elasticsearch and Redis
deployed on Compute engine
.
Now because of security concerns, on all database instances(MongoDB, ES, Redis) i don't want to accept requests from anywhere but only coming from App engine
.
Is there anything i can do using VPN OR Networks Or Firewall(Using Target tags and Source tags)
or anything to accept requests only from app engine ??
I read about using tags in firewall section, where i can define app engine instances as source tags and compute engine tags as target tags, so that that my target tags can only listen to source tags.
Please help me guys i am searching for this from quite a long time but haven't found anything useful.
UPDATE
I tried to set my app_engine instance tag and then used that tag to the firewall rule associated with all services(MongoDB, ES, Redis) so that only services will get connected by app engine only, but it is not working now i am not able to connect to my app engine to all of my services.
I have only one network which is default network(auto-created by google)
, and all my instances e.g MongoDB
as well as my app engine
are on this same default network
.
I added below line in app.yaml
network:
instance_tag: app-tag
Below i sat source tag as above app-tag
in firewall rule
For my MongoDB database.