user12457151

Reputation: 1021

How dangerous is it for me to leave a Cloud Function exposed to the public?

I have a cloud function that must be exposed to the public, because I need to call the cloud function from an iOS shortcut. OAuth 2.0 is a limitation of iOS shortcuts right now. I tried for 2 hours to exchange a self-signed JWT for a Google-signed ID token but was not able to figure it out.

How dangerous is it for me to leave this cloud function exposed to the public? I understand a bad actor could find this endpoint and hit it repeatedly to drive up my costs, but would restricting the number of instances to 1-2 prevent that?

Is there anything else I can do to increase security? Thanks in advance.

Upvotes: 1

Views: 308

Answers (1)

guillaume blaquiere

Reputation: 75735

If you set the max instance to 1 or 2, you will prevent the high cost, but your service will be unavailable for legit requests. So, the user experience will be terrible.

It's hard to protect your service against bad actors. One solution can be to add a load balancer in front of your Cloud Functions and to use Cloud Armor, a WAF, on top of it. If you detect bad actors' IPs, you can deny them in Cloud Armor.

Upvotes: 1
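
An added example, not part of the answer above: one way to turn "detect bad actors' IPs, then deny them in Cloud Armor" into a repeatable step, by counting requests per client IP in a log window and generating the `gcloud` deny rules. The sample IPs are constructed, and the policy name `fn-policy`, the threshold, the starting priority and the ten-ranges-per-rule cap are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample: one client IP per request seen in a log window.
# Addresses come from the reserved documentation ranges.
SAMPLE_CLIENT_IPS = (
    ["203.0.113.7"] * 120 + ["198.51.100.23"] * 95
    + ["192.0.2.10"] * 4 + ["2001:db8::5"] * 60 + ["not-an-ip"] * 80
)

MAX_RANGES_PER_RULE = 10  # assumption: per-rule cap on source IP ranges


def noisy_ips(client_ips, threshold):
    """Return valid IPs that sent more than `threshold` requests, sorted."""
    counts = Counter()
    for raw in client_ips:
        try:
            counts[ipaddress.ip_address(raw)] += 1
        except ValueError:
            continue  # malformed log field: never pass it into a command
    return sorted((ip for ip, n in counts.items() if n > threshold), key=str)


def deny_rule_commands(ips, policy, start_priority=1000):
    """Build one gcloud deny rule per group of MAX_RANGES_PER_RULE addresses."""
    commands = []
    for i in range(0, len(ips), MAX_RANGES_PER_RULE):
        ranges = ",".join(
            f"{ip}/{ip.max_prefixlen}" for ip in ips[i:i + MAX_RANGES_PER_RULE]
        )
        priority = start_priority + i // MAX_RANGES_PER_RULE
        commands.append(
            f"gcloud compute security-policies rules create {priority} "
            f"--security-policy={policy} --src-ip-ranges={ranges} "
            "--action=deny-403"
        )
    return commands


if __name__ == "__main__":
    for cmd in deny_rule_commands(noisy_ips(SAMPLE_CLIENT_IPS, 50), "fn-policy"):
        print(cmd)
```

Review the generated list before applying it, since a single noisy address can be a NAT or carrier gateway shared with legitimate users.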
