Google App Engine communicate with Compute Engine over internal network

With App Engine Flexible, you can setup instance_tags and use that to create firewall rules with the appropriate tagging rules. See https://cloud.google.com/appengine/docs/flexible/custom-runtimes/configuring-your-app-with-app-yaml for more information.

There isn't currently a way to setup a private network between GCE and GAE. Limiting to google's IP range isn't secure since anyone on GAE or GCE could connect to your server. So I recommend that you authenticate incoming connections at your TCP server to verify the connection is coming from your GAE instances.

As of now In 2016 as google cloud has launched google cloud flexible environment appengine/docs/flexible/. So yes it is possible now because now both app engine and compute engine are present in same network and therefore using app engine you can access compute engine by using their internal Ip, also remember to delete all external firewall rules for your compute engines if you only want to allow access from app engine.