I am saving my backend services data in Firestore. here now I need to restrict access to Firestore within a VPC.
basically, when connecting to the database from frontend the firebase URL or the database URL shouldn't be public. it should go through a VPC.
Please guide and help me if anyone has an experienced or knowledge on this matter.
Thank You, Cheers.
I do not think Firestore can be used with VPC. As you can see it the list of what VPC supports neither Firestore or Datastore are supported.
What you can do instead is possibly have a Cloud Function or GAE service acting as an API and let the service account used by this API be the only one with permissions to access Firestore.
Related
I would appreciate with help on this. I watch a hyperledger comoposer tutorial where Zach Gollwitzer said there are 2 options to secure the rest-server API of the business network, one was to put it behind an API Management gateway and the other with multi-user mode. I would like to know how I can export the Rest rever API To AWS API gateway. What file is used to do this. thanks in advance.
When your rest server is started you should be able to 'hit'
http://localhost:3000/explorer/swagger.json which describes the various API endpoints.
Hopefully this is enough for the AWS API gateway.
I need help in integrate AWS API gateway with luman as end point. I have working project with one web part(Laravel) and three luman project for different micro services. We are using AWS API gateway to point out to luman services. Right now we don't have any authentication on web services on luman. Anyone can have access to these if he know URL. We are planing to use oAuth2 for authentication. but i am not able to understand how it work. As we have mobile app for this project too. So my question is.
Is oAuth need to be implemented on luman project or on AWS API gateway.
In both cases how it will work. Also we are planning to move luman project to private network(no internat) which will not have public access. in that case we need to use lambda function to communicate with the private network.
So how it will work in this case.
Please suggest.
If you want to know how AWS API Gateway works with oAuth I'd recommend checking AWS public documentation and AWS Compute Blog.
When setting up the Google Cloud SQL, I have to set up the allowed network so that it can access to the cloud sql instance.
I want to make my application in cloud9 to connect to the cloud sql instance, is it possible to do that? How I can get the outgoing IP address to setup?
is cloud9 an appengine app?
if yes check this article:
Configuring Instance Access
https://cloud.google.com/sql/docs/access-control#appengine
Basically you can grant individual Google App Engine applications access to a Google Cloud SQL instance.
How can I use the role feature to access the AWS API in an application? How can I implement this use case?
I am able to fetch the credentials by launching an ec2 role based instance.
Any help is appreciated
Thanks in advance.
IAM Rules are used to manage access to AWS services and resources. It is not meant to be used as an applicative authorization engine. From the documentation:
AWS Identity and Access Management (IAM) enables you to securely
control access to AWS services and resources for your users. Using
IAM, you can create and manage AWS users and groups and use
permissions to allow and deny their access to AWS resources.
Is there any cloud computing service like e.g. Google's AppEngine or Amazon's S3 out there, that allows me to use JDBC without using some sort of proxy? I do have a MySQL server, that I can't move into the cloud, so I want to access this server directly via a JDBC connection.
If you can't migrate your database, don't move to the cloud. It would be a performance and security nightmare to have your app communicate with the database over the internet.
To answer your question more specifically:
S3 is a storage platform, so it is irrelevant to your question. Google's App Engine is only designed to interface with it's own storage system.
If you really want to do this you could use a full fledged virtual instance such as Amazon EC2, or Rackspace Cloud.
EDIT
I forgot to mention, Google now offers a MySQL service. I would assume that Java apps use jdbc to connect to it.