Reputation: 89
Google Cloud Load Balancer Cloud Run Developer Access
I have a Google CloudRun Service, that is can be accessed either by the CloudRun URL or by a custom domain via a Load Balancer in the Google Cloud.
Now I am trying to setup some kind of access control, so that the Service which run the Development Stage can only be accessed by logged-in developers.
So far I tried to set the Trigger Configuration of the CloudRun Service to authentication required. That works for the base CloudRun URL, but on adding a path to the base URL I get a Forbidden error, even if I could access the base URL. And Accessing the Service via the LoadBalancer always gives a Forbidden.
Is there a way to make the CloudRun Service Accessible (including different Paths) only to LoggedIn Developers?
And also is there a way to make the Service only accessible by the LoadBalancer URL and not the CloudRun URL?
Upvotes: 1
Views: 476
Answers (2)
Reputation: 3604
"Authentication required" for a Cloud Run service really means "Token required". It checks that the right token is attached to the request, but it's up to you how to add that token. Because of that I think it's mostly useful for machine-to-machine communication. It doesn't provide a log-in user interface or client-side code that attaches tokens to users' requests.
If you do want that, Identity Aware Proxy can provide it.
Upvotes: 0
Reputation: 31
Once you require authentication, all requests need to include a token authorized to access the service via any endpoint. You can check out more information here: https://cloud.google.com/run/docs/authenticating/developers
There's also a tool in the gcloud CLI for Cloud Run to make this process easier. If you try gcloud beta run services proxy [your-service], the service will be proxied to localhost, with your identity token included by default.
For restricting access only via the Load Balancing URL, There's an ingress setting (also settable under the 'triggers' tab). This can be set to 'internal and cloud load balancing'.
You can find more info here: https://cloud.google.com/run/docs/securing/ingress
Upvotes: 3
Related Questions
- GCP Load balancer with cross project Cloud Run services
- how to create a load balancer for app engine and cloud run
- Google Cloud Run url redirection
- Does google cloud run need load balancing?
- Configuring Cloud Run services and GCS Buckets with a load balancer
- GCP: HTTP(S) Load Balancing backend service region select
- GCP Cloud Deployment Load Balancer Backend Bucket
- Google Load-Balancing CDN
- google compute engine load balancer
- Google Compute Load Balancer