'Google Cloud Platform admin panel IP restriction
Is it possible to restrict access to cloud.google.com to specific IPs? When I create a principal I'm giving it a specific role, but I would like to give access for that user/s only if it log in from specific IP.
[EDIT] To clarify, access should be restricted to the whole project. F.e. I limit access to only IP1. User "A" logs in to cloud.google.com, chooses project and if he logged from IP2, he won't see anything ("you don't have access .." message, same as the role based restrictions if you go when you shouldn't). If he connects from IP2 he should have access to everything he's role gives him.
Only limits I can find in documentation (also the IAP pointed by Arden) are restrictions TO something (app, resource, etc.) not FROM something.
So the question is, is it even possible to do something like that.
Solution 1:[1]
You need implement Identity-Aware Proxy (IAP) : Authenticate users with Google Accounts
When to use IAP
Use IAP when you want to enforce access control policies for applications and resources. IAP works with signed headers or the App Engine standard environment Users API to secure your app. With IAP, you can set up group-based application access: a resource could be accessible for employees and inaccessible for contractors, or only accessible to a specific department.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Arden Smith |