Deny direct access to Google Cloud Run/Functions and allow via Loadbalancer
I would like to deny direct access to Cloudfunctions with their default URL as:
https://europe-west1-helloworld.cloudfunctions.net/function-name
And only allow access via GCP Load balancer
I would expect creating some kind of service-account which would be used by Loadbalancer when accessing the Functions/Run containers, but it is not possible to assign any.
My current state is:
- When I assign
allUsersin Cloud Functions's permissions, I can access it both directly and via LB. - When I remove the
allUsers, I cannot access them neither directly, neither via LB.
Solution
You can achieve this by deploying, or editing your cloud functions and configure the "connection" section. Here, set the ingress option to accept only connection coming from internal VPC network (and shared VPC and VPC SC) and Load Balancer.
See picture here.
- Firebase onAuthStateChanged user returns null when on localhost
- How do I list all resources in a particular google cloud project?
- What am I doing wrong to get this error for Google Vision API
- How do I propagate resource labels to my GKE application's GCE disks backing its PVCs?
- How to avoid TypeError when using Python ApacheBeam for DataFlow?
- Why would Mysql return "error Column cannot be null"?
- Firebase login with GCP service account
- Installing Google Cloud SDK using Windows SSL error
- Serverless VPC access connector is in a bad shape
- Google Chat API Permission Issues
- skip header while reading a CSV file in Apache Beam
- firebase client cannot connect to correct firebase database
- Cloud Build private DNS GCP
- Configure a principal that can only approve and revoke grant requests in GCP PAM
- GCP authentication fails in GitHub actions - IaC with Terraform
- Creating two Google Cloud VPCs in different regions using the same Terraform main.tf file
- google-github-actions/get-gke-credentials failed with: required "container.clusters.get" permission(s)
- Proper implementation of post-startup script in Vertex AI Instances
- How to delete all files in a firebase storage directory
- What happens if you call batch.commit() on Firebase and your quota is exceeded part way through the commit?
- Cloud Run Direct VPC Egress Connection Timeout Issue
- Upload content from GET request to Cloud Storage
- Call Google Cloud Functions from App Scripts
- How to give Workflows service agent access to a service account?
- Set up Structured logging in cloud composer
- How can I check that .gcloudignore in GC bucket works properly?
- Unable to connect PostgreSQL(pgAdmin 4) to the Google Cloud Platform
- Upload file to Google Cloud Storage using HMAC key in c#
- Limit download rate from google cloud storage (python library)
- Data Transfer from BQ To CLoud SQL