Is it possible to use Identity-Aware Proxy to secure backends in different projects?

Hi @dagan,

Welcome to Google Cloud Community!

Yes, it is possible to use Identity-Aware Proxy (IAP) to secure backends in different Google Cloud projects.

Identity-Aware Proxy (IAP) is a Google Cloud service that adds an additional layer of security to your applications running on Google Cloud. It is also used for controlling and securing access to applications and services by authenticating and authorizing users before they access your service.

IAP policies scale across your organization. You can define access policies centrally and apply them to all of your applications and resources. IAP can be configured to control access to web applications or APIs hosted across different Google Cloud projects, even if they are in separate projects from where IAP is set up. However, this requires additional configuration to ensure that the IAP service account and IAM permissions are properly set up across all involved projects.

By following the steps below, you can securely access resources across different projects, with IAP enforcing security through identity and access policies.

  1. Enable IAP for backend services in each project.
  2. Set up the IAM permissions for users/groups across projects.
  3. Ensure that the necessary firewall rules are configured for accessing IAP-secured services.
  4. You can also configure service accounts to allow backend communication between projects if needed.

I hope the above information is helpful.
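The four steps in the answer above, written out as gcloud commands; this is an added example, not part of the original reply. It assumes the backends sit behind a global external Application Load Balancer, and every project ID, service name, network, port, group and service account in it is a constructed placeholder.

```shell
#!/bin/sh
# Added example. RUN defaults to "echo" so the script only prints the plan;
# export RUN= (empty) to execute the commands with gcloud.
RUN="${RUN-echo}"

# Constructed inventory, one backend per line:
# project_id:backend_service:vpc_network:backend_port:cross_project_caller_sa ("-" = none)
BACKENDS="
proj-frontend-example:web-backend:vpc-frontend:8080:-
proj-api-example:api-backend:vpc-api:8443:caller@proj-frontend-example.iam.gserviceaccount.com
"
USERS_GROUP="group:app-users@example.com"   # assumed principal

secure_backend() {
  project="$1"; service="$2"; network="$3"; port="$4"; caller="$5"
  # Step 1: enable IAP on the backend service inside its own project.
  $RUN gcloud compute backend-services update "$service" --global \
    --iap=enabled --project="$project"
  # Step 2: grant access on this one backend service, not project-wide.
  $RUN gcloud iap web add-iam-policy-binding --project="$project" \
    --resource-type=backend-services --service="$service" \
    --member="$USERS_GROUP" --role=roles/iap.httpsResourceAccessor
  # Step 3: admit only Google front end / health check ranges to the backend
  # port, so the backend cannot be reached around the load balancer and IAP.
  $RUN gcloud compute firewall-rules create "allow-gfe-$service" \
    --project="$project" --network="$network" --direction=INGRESS \
    --action=ALLOW --rules="tcp:$port" \
    --source-ranges=130.211.0.0/22,35.191.0.0/16
  # Step 4: a service account from another project gets the same role,
  # and only on the backend it actually calls.
  if [ "$caller" != "-" ]; then
    $RUN gcloud iap web add-iam-policy-binding --project="$project" \
      --resource-type=backend-services --service="$service" \
      --member="serviceAccount:$caller" --role=roles/iap.httpsResourceAccessor
  fi
}

apply_all() {
  for entry in $BACKENDS; do
    IFS=: read -r project service network port caller <<EOF
$entry
EOF
    secure_backend "$project" "$service" "$network" "$port" "$caller"
  done
}

apply_all
```

Review the printed plan for each project before running it with `RUN=` set to empty.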