I run my server on the Google App Engine, where I use nodejs, and I have all other services like MongoDB, Elasticsearch and Redis deployed to the Compute Engine.
Now, due to security issues, in all database instances (MongoDB, ES, Redis) I do not want to accept requests from anywhere, but only from the App Engine.
Is there anything I can do using VPN or networks or firewall (using target tags and source tags) or anything to accept requests only from the application engine?
I read about using tags in the firewall section, where I can define instances of the application core as source tags and Compute Engine tags as target tags so that my target tags can only listen to the source tags.
Please help me guys, I've been looking for this for quite a while, but haven't found anything useful.
UPDATE
I tried to set my app_engine instance tag and then used that tag in the firewall rule associated with all services (MongoDB, ES, Redis) so that the services will only get connected to by App Engine, but it is not working; now I am not able to connect from my App Engine to any of my services.
I have only one network, which is the default network (auto-created by Google), and all my instances, for example MongoDB, as well as my App Engine are on the same default network.
I added the line below in app.yaml:

    network:
      instance_tag: app-tag

Below I set the source tag, as indicated above by the app-tag, in the firewall rule for my MongoDB database.
