We have a web app hosted in AWS behind a VPC. Due to product boundaries, user management needs to be done in GCP for the web app.
Would IAP be a good choice for a reverse proxy to the web app? At a high-level, our requirements are:
- Forward requests for pages that don't require authentication to the web app (ex. reverse-proxy.com/hello → ex. Blank)
- Authenticate requests for pages that require authentication and then forward to the web app
- When forwarding to the web app, attach a unique user id that the web app can use for identifying the user in their own database and for Google Analytics
1) Set up IAP:
   - Create an IAP resource in your GCP project.
   - Configure IAP settings such as OAuth consent screen, OAuth client ID, and access settings for your web app.
2) Configure forwarding rules:
   - Define forwarding rules within IAP to direct requests to your web app hosted in AWS based on URL paths.
3) Implement authentication in your web app:
   - Configure your web app to accept requests only from IAP by validating the identity headers added by IAP.
4) Extract and utilize the unique user ID:
   - Modify your web app to extract the unique user ID from the identity headers added by IAP.
   - Use this unique identifier within your web app for user identification and analytics purposes.
5) Test and deploy:
   - Test the configuration thoroughly to ensure that unauthenticated access, authentication, and user identification work as expected.
   - Deploy the changes to your production environment.
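Steps 3 and 4 of the answer above come down to one check in the web app: verify the signed assertion IAP adds to each forwarded request (the x-goog-iap-jwt-assertion header) and only then use its sub claim as the user id. The plain X-Goog-Authenticated-User-ID header is not enough on its own, since anything that can reach the AWS app directly can set it, so ingress on the AWS side should also be limited to the IAP-fronted load balancer. The Go code below is an added example, not code from this thread or from a Google library. It validates the JWT the way IAP documents it (ES256, issuer https://cloud.google.com/iap, audience /projects/PROJECT_NUMBER/global/backendServices/SERVICE_ID, public keys published as a JWK set at https://www.gstatic.com/iap/verify/public_key-jwk) with only the standard library. The key map is assumed to be fetched and cached from that URL by the caller; MintTestToken, the project and service numbers, the user id and the e-mail address are constructed test scaffolding so the verifier can be exercised offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

// IAP signs the x-goog-iap-jwt-assertion header it adds to every forwarded request with this issuer.
const iapIssuer = "https://cloud.google.com/iap"

// IAPClaims: Sub ("accounts.google.com:<id>") is the stable user id to key the
// app's own user table and analytics on; Email is informational.
type IAPClaims struct {
	Iss   string `json:"iss"`
	Aud   string `json:"aud"`
	Sub   string `json:"sub"`
	Email string `json:"email"`
	Iat   int64  `json:"iat"`
	Exp   int64  `json:"exp"`
}

// decodeJSON base64url-decodes one JWT segment and parses it as JSON.
func decodeJSON(seg string, dst any) error {
	raw, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, dst)
}

// VerifyIAPJWT validates an assertion against IAP's public keys (by kid) and this
// backend's audience and returns the claims. keys is assumed to be fetched and cached
// from https://www.gstatic.com/iap/verify/public_key-jwk; now is unix seconds.
func VerifyIAPJWT(token, expectedAud string, keys map[string]*ecdsa.PublicKey, now int64) (*IAPClaims, error) {
	parts := strings.Split(token, ".")
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if len(parts) != 3 || decodeJSON(parts[0], &hdr) != nil {
		return nil, fmt.Errorf("malformed JWT")
	}
	// Pin the algorithm; never let the token choose it (blocks alg=none / HS256 confusion).
	if hdr.Alg != "ES256" {
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	key, ok := keys[hdr.Kid]
	if !ok {
		return nil, fmt.Errorf("unknown kid %q", hdr.Kid)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 { // JWS ES256 signature is r||s, 32 bytes each
		return nil, fmt.Errorf("bad signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(key, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, fmt.Errorf("signature verification failed")
	}
	var c IAPClaims
	if err := decodeJSON(parts[1], &c); err != nil {
		return nil, err
	}
	switch {
	case c.Iss != iapIssuer:
		return nil, fmt.Errorf("unexpected issuer %q", c.Iss)
	case c.Aud != expectedAud:
		return nil, fmt.Errorf("audience %q is not this backend", c.Aud)
	case c.Exp <= now || c.Iat > now+60: // 60 s clock-skew allowance on iat
		return nil, fmt.Errorf("token expired or not yet valid")
	case c.Sub == "":
		return nil, fmt.Errorf("missing sub")
	}
	return &c, nil
}

// MintTestToken builds a token the way IAP would, signed with a freshly generated P-256
// key, so the verifier can run offline. Test scaffolding only: IAP's real key never leaves IAP.
func MintTestToken(aud, sub string, now int64) (string, map[string]*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	enc := base64.RawURLEncoding.EncodeToString
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "kid": "test-key-1"})
	body, _ := json.Marshal(IAPClaims{Iss: iapIssuer, Aud: aud, Sub: sub, Email: "alice@example.com", Iat: now, Exp: now + 600})
	input := enc(hdr) + "." + enc(body)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", nil, err
	}
	sig := make([]byte, 64) // fixed-width r||s as JWS requires, not ASN.1 DER
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + enc(sig), map[string]*ecdsa.PublicKey{"test-key-1": &priv.PublicKey}, nil
}
```

Call VerifyIAPJWT from the request handler with the header value and this backend service's audience string, reject the request on any error, and hand c.Sub to the app's user lookup and to the analytics client. The algorithm is pinned to ES256 and the key is selected by kid from a set the app controls, so a token that names a different algorithm or key is refused before any signature math runs.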