How to make my Cloud Function only be called from my GCP service account
As seen below I am editing the permissions for access to my Cloud Function called task. I am following the advice from GCP that says the following:
This resource is public and can be accessed by anyone on the internet. To remove public access, remove "allUsers" and "allAuthenticatedUsers" from the resource's members.
so that my function can only be called from my GCP. So I removed the allUsers access for the Cloud Functions Invoker role. But now I am trying to add a new member (service account) with the Cloud Functions Invoker role:
However I don't know what service account my Cloud Tasks are fired from. I've created a new service account with only Cloud Tasks permissions but I don't know how to actually make my Cloud Tasks use this service account when executing. There doens't seem to be an option for that:
Any idea?
According to the Google docs, "Cloud Tasks can call HTTP Target handlers that require authentication if you have a service account with the appropriate credentials to access the handler."
You may need to create a service account and give the appropriate roles to it.
Please follow the official Google documentation [1] where the steps to follow are detailed.
[1] - https://cloud.google.com/tasks/docs/creating-http-target-tasks#sa
- How to connect to AlloyDB using Auth Proxy and Python?
- How to pull docker image from Google Artifact Registry in k8s deployment.yaml via imagePullSecrets
- Configure uptime check via trigger cloudbuild YAML
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Query data in a key-value table
- Is it possible to create daily budget alerts in GCP?
- Get service account auth token without gcloud?
- GoogleHadoopOutputStream: hflush(): No-op due to rate limit
- Delete all objects from a directory in google storage bucket using cloud storage options
- How do I add a .env file in gitlab ci during deployment stage?
- Bigquery: "User does not have bigquery.jobs.create permission" with roles/bigquery.admin
- Are GCP workflow shared variables thread safe?
- Stripe Error: No signatures found matching the expected signature for payload
- Google Cloud REST API for Artifact Registry - URL is 404
- Google Cloud Run weird behaviour only for path /healthz
- Autopilot GKE Cluster: GCE quota exceeded and insufficient CPU error
- Google Apps Script 403: The caller does not have permission
- Querying for a Google Dataplex Entry only returns names of attached custom Aspects, not the Aspect values
- Why are BQ snapshots using the full storage amount of the original table?
- Google Document AI value types Money vs Currency
- Access Blocked: <project> has not completed the Google verification process
- How to fetch real-time google cloud run job logs?
- How do I know if an Google App Engine instance is Standard or Flexible?
- How to get the latest key version in Google Cloud KMS?
- `PermissionError: [Errno 13] Permission denied: 'C:/Users'` on Google Cloud Storage
- What is the effect of assigning an IAM role to a domain in GCP?
- Permission 'storage.buckets.get' denied on resource (or it may not exist)
- Firestore Bandwidth costs for downloading documents with large embedding vectors
- Google Cloud Functions: missing main.py
- Batch Prediction for Object Detection Auto ML took so long