
How to trigger Google Cloud Function with restricted IP address?


Basically, I would like to trigger my Google Cloud Function without authentication and only allow some public IP addresses to trigger it.

After much research I haven't found any way to do that, so if you know something, I'm interested :D

Thank you in advance


Solution

  • Following this official documentation, you can configure the network settings of your Cloud Functions depending on your use case. For starters, to be able to restrict IP addresses to trigger your function, you can set up ingress settings.

    Ingress settings restrict whether a function can be invoked by resources outside of your Google Cloud project or VPC Service Controls service perimeter. You can specify one of the following ingress setting values:

    • Allow all traffic: Default. All inbound requests to the function are allowed, from both the internet and resources within the same project.
    • Allow internal traffic only: Only traffic from Workflows and VPC networks in the same project or VPC Service Controls perimeter is allowed. All other requests are denied with a 403 error.
    • Allow internal traffic and traffic from Cloud Load Balancing: Traffic from Workflows and VPC networks in the same project or VPC Service Controls perimeter is allowed. Traffic from Cloud Load Balancing is allowed.

    Sample gcloud command:

    gcloud functions deploy FUNCTION_NAME \
    --trigger-http \
    --ingress-settings INGRESS_SETTINGS \
    FLAGS...
    

    Additionally, if you choose the Cloud Load Balancing option, you can follow this article, How to securely load balance cloud functions on GCP using Cloud Armor.
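
The Cloud Load Balancing option from the answer above, as an added example (not part of the original answer or the linked article): a Cloud Armor policy that admits only listed source ranges, with the function's ingress set to `internal-and-gclb` so the public function URL cannot be used to bypass it. It assumes a load balancer whose backend service already reaches the function through a serverless NEG; the function, backend and policy names and the CIDRs are placeholders.

```bash
#!/bin/sh
# Added example. FUNCTION, BACKEND, POLICY and the CIDRs are constructed placeholders.
set -eu

FUNCTION="my-function"      # hypothetical function name
BACKEND="fn-backend"        # assumed: existing global backend service -> serverless NEG -> function
POLICY="fn-ip-allowlist"    # hypothetical Cloud Armor policy name
ALLOWED="203.0.113.0/24 198.51.100.7/32"   # constructed (RFC 5737 documentation ranges)
DEPLOY_FLAGS="${DEPLOY_FLAGS:-}"           # your usual runtime/source/region flags

# Print each command by default; set DRY_RUN=0 to execute it with gcloud.
run() { if [ "${DRY_RUN:-1}" = "1" ]; then echo "+ $*"; else "$@"; fi; }

# Join IPv4 CIDRs with commas for --src-ip-ranges. Shape check only (gcloud does
# the real validation), but it stops stray flags or typos reaching the rule.
join_ranges() {
  _out=""
  for _r in "$@"; do
    printf '%s' "$_r" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
      || { echo "bad CIDR: $_r" >&2; return 1; }
    _out="${_out:+$_out,}$_r"
  done
  [ -n "$_out" ] || return 1
  printf '%s\n' "$_out"
}

apply_allowlist() {
  # $ALLOWED is intentionally unquoted so it splits into one argument per range.
  _ranges="$(join_ranges $ALLOWED)" || return 1
  run gcloud compute security-policies create "$POLICY" \
    --description="IP allowlist for $FUNCTION"
  # Allow only the listed source ranges...
  run gcloud compute security-policies rules create 1000 \
    --security-policy="$POLICY" --src-ip-ranges="$_ranges" --action=allow
  # ...and turn the policy's default rule (lowest priority) into a deny.
  run gcloud compute security-policies rules update 2147483647 \
    --security-policy="$POLICY" --action=deny-403
  run gcloud compute backend-services update "$BACKEND" --global \
    --security-policy="$POLICY"
  # Close the direct function URL so requests cannot bypass the load balancer.
  run gcloud functions deploy "$FUNCTION" --trigger-http --allow-unauthenticated \
    --ingress-settings=internal-and-gclb $DEPLOY_FLAGS
}

apply_allowlist
```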