My company has a shared VPC setup, and we will set up Apigee X on a new service project to serve traffic from clients to our internal workloads on GCP. This Apigee X will route traffic to backend services inside other service projects (which are Cloud Run functions, and they also sit behind their own load balancer).
Since there is an organization policy "Disable Cross-Project Service Account Usage" enabled, using a service account with a role binding is not feasible to authenticate with. I heard about using Workload Identity Federation, but since this is internal system interaction, we do not use an external provider, nor should we have access to an external identity provider. We hope to manage those via GCP IAM.