Reputation: 191
Cloud Functions IAM Roles: 403 Forbidden
I want to secure my cloud functions and by doing so, I removed the allUsers role for invoking the cloud functions. Instead, I assigned the cloud invoker role to a service account and I then use that service account to call my cloud functions. However, I am still getting a 403 forbidden error. I am not exactly sure whats the best way to ask this question, but I do not know if I am missing a step or if I am doing something completely wrong.
Upvotes: 0
Views: 710
Answers (1)
Reputation: 159
403 Forbidden: This error message happens when the user is not authorized due to missing permissions to invoke the function. Some developers may confuse this with a misconfiguration and you should ensure that allUsers has roles/cloudfunctions.invoker role in the function's IAM policy.
Upvotes: 1
Related Questions
- 403 Response from Google Cloud Functions
- GCP IAM: Binding role to Service Account fails
- IAM role condition not applying
- service account permission issue while deploying cloud function
- GCP IAM Permission - Service Account not able to have permission
- How to resolve GCloud permissions?
- No GOOGLE_APPLICATION_CREDENTIALS in Cloud Functions deployment
- Endpoint for Cloud Function returns 403 Forbidden
- Missing Cloud Function User Agent role in Google Cloud IAM
- Problems with permissions on Google Cloud IAM