GCP IAM Auth on Cloud Run - service
I've hosted a service, let it be simple webpage on Cloud Run Service and set security to
""
Require authentication -
Manage authorized users with Cloud IAM.
""
Added the approved account to IAM with roles as Cloud Run Invoker (or any other up to admin). When accessing the service via url provided in that cloud run service. It still returns me with:
Error: Forbidden (403) Your client does not have permission to get URL / from this server.
I supposed that this would allow certain accounts to access the service (webpage) securily. Am i missing something or it's not what i thought it
edit: please read main post comments for additional information, thanks!
If you need to expose a website on Cloud Run or App Engine, and you want to secure the access to Google account users, IAP (identity aware proxy) if the right solution for you.
It's an authentication proxy that redirects the user to a Google authentication page if it is not authenticated, checks if the authenticated identity is authorized on your website, and, if so, add all the required information to all access to your protected backend.
IAP for AppEngine is pretty easy to deploy
IAP for Cloud Run requires a Load Balancer ($14 per month of additional cost)
- Firebase Firestore: Accessing Never-Retrieved Data Offline
- Google recaptcha enterprise: Your default credentials were not found
- Firebase Admin SDK cant upload to storage bucket folder
- Accessing Firestore via Cloud Function
- Problem with executing asynchronous Cloud Function
- do you need to create a separate collection/document for reading an aggregated document with firebase cloud function
- httpsCallable is not a function when calling a Firebase function
- Google Cloud Eventarc: Receive events via Pub/Sub directly
- Android Studio's project gradle file changed?
- How to listen to button triggers using Firebase
- gcloud auth login throwing error: gcloud crashed (ConnectionError): HTTPSConnectionPool(host='oauth2.googleapis.com', port=443): Max retries exceeded
- Google Cloud Build Error: build step 0 "gcr.io/cloud-builders/docker" failed: step exited with non-zero status: 1
- Terraform - GCP - Import project IAM member
- Choosing fields to return with Places API (new) client library
- Deploy to Update version of Gmail App Script Extension
- Getting random "User not found in file /etc/passwd" error on Cloud Run Job
- Change time format in GCP Logs Explorer
- Deploying to Cloud Run with a custom service account failed with iam.serviceaccounts.actAs error
- Deploying a pelican site to Google Cloud Run with Dockerfile not working
- Is there a good explanation of resource labels versus metric labels?
- Why do I set the resource type when writing the metric but not when creating a descriptor?
- google-github-actions/get-gke-credentials failed with: required "container.clusters.get" permission(s)
- GA4 Data Not Retained for More Than 60 Days Despite BigQuery Table Expiration Set to 'Never
- How to list all enabled API services for Google Cloud Platform project
- Google Cloud calendar API connection error
- Downloading a folder from cloud storage in GitHub action and move it inside a docker container is not working
- How to fix CloudRun error 'The request was aborted because there was no available instance'
- Google Cloud Build with Dockerfile and copy files
- Firebase CLI console: Cannot find module @google-cloud/tasks
- Does Cloud SQL have a query console or is CLI the only option?