I've hosted a service, let it be simple webpage on Cloud Run Service and set security to
""
Require authentication -
Manage authorized users with Cloud IAM.
""
Added the approved account to IAM with roles as Cloud Run Invoker (or any other up to admin). When accessing the service via url provided in that cloud run service. It still returns me with:
Error: Forbidden (403) Your client does not have permission to get URL / from this server.
I supposed that this would allow certain accounts to access the service (webpage) securily. Am i missing something or it's not what i thought it
edit: please read main post comments for additional information, thanks!
If you need to expose a website on Cloud Run or App Engine, and you want to secure the access to Google account users, IAP (identity aware proxy) if the right solution for you.
It's an authentication proxy that redirects the user to a Google authentication page if it is not authenticated, checks if the authenticated identity is authorized on your website, and, if so, add all the required information to all access to your protected backend.
IAP for AppEngine is pretty easy to deploy
IAP for Cloud Run requires a Load Balancer ($14 per month of additional cost)