I am implementing micro-services on the Google App Engine standard environment. I need to call one micro-service from another using URL Fetch. For this I need some authentication mechanism in place so that only micro-services in the same project can call this API.
It can be achieved using task queues but that is not useful for my scenario.
I followed this link (How to secure connection between different GAEs?), and if we verify the X-Appengine-Inbound-Appid headers then this can be achieved. I am curious whether we can make this even more secure using service accounts.
The links below have references on how to do it:
https://cloud.google.com/appengine/docs/standard/python/communicating-between-services
https://cloud.google.com/docs/authentication/production
but I did not find clear instructions to achieve it. Is anyone using this approach for authentication?
This link [1] that you mentioned has clear instructions along with code examples in Python (click the Python tab) to achieve your objective. The documentation shows how to create a service account, assign it a role with the associated permissions, and provide the credentials to your application.
The code examples showcase how you can have an App interact with the Cloud Storage micro-service. If you get an error while following the examples, please provide the error details.
[1] https://cloud.google.com/docs/authentication/production
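The X-Appengine-Inbound-Appid check mentioned in the question, as an added example that is not part of the original posts or of Google's documentation: a WSGI middleware for the receiving service that rejects any request whose inbound app ID is not on an allowlist. The app ID `my-project-id`, the handler `internal_api` and the helper `status_for` are assumptions made for illustration.

```python
# Added example: enforce X-Appengine-Inbound-Appid on the receiving service.
# App Engine sets this header on URL Fetch calls made from another App Engine
# app and strips it from external requests. The calling service must use the
# appspot.com hostname and disable redirect following, or the header is not
# added. Outside App Engine (e.g. a local dev server) nothing strips the
# header, so the check only carries weight in production.

ALLOWED_APP_IDS = frozenset({"my-project-id"})  # assumption: your own app ID
HEADER_KEY = "HTTP_X_APPENGINE_INBOUND_APPID"   # WSGI form of the header name


def caller_is_allowed(environ, allowed=ALLOWED_APP_IDS):
    """True only when the header is present and exactly matches an allowed ID."""
    inbound = environ.get(HEADER_KEY, "")
    return bool(inbound) and inbound in allowed


class InboundAppIdGuard:
    """Wrap a WSGI app; answer 403 unless the caller's app ID is allowed."""

    def __init__(self, app, allowed=ALLOWED_APP_IDS):
        self.app = app
        self.allowed = frozenset(allowed)

    def __call__(self, environ, start_response):
        if not caller_is_allowed(environ, self.allowed):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"forbidden"]
        return self.app(environ, start_response)


def internal_api(environ, start_response):
    """Hypothetical internal endpoint standing in for the real micro-service."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


guarded = InboundAppIdGuard(internal_api)


def status_for(app, headers):
    """Drive a WSGI app with constructed request headers; return the status."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/internal"}
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    seen = []
    b"".join(app(environ, lambda status, hdrs: seen.append(status)))
    return seen[0]
```

Wrap only the routes meant for service-to-service calls, so that public endpoints of the same service keep working.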