DEV Community

Ryo Kuroyanagi
Ryo Kuroyanagi

Posted on

2 1

How to limit access to your Internal users with Cloud Run

Let me explain how to restrict access to Cloud Run other than by your internal users of Google Workspace. It's useful because we do not have to implement any login feature as our server implementation. I used this for our internal admin tool to shutout by external users.

Before you start, you need to setup a load balancer for your Cloud Run service and create OAuth consent screen. Please check my article if you have not set a load balancer up yet and check Configure the OAuth consent screen to create your OAuth consent screen.

Please go to Identity-Aware Proxy setting. You should see load balancers you have. Turn on IAP for your target load balancer which is connected to your target Cloud Run service.

Image description

Next, mark as checked the checkbox of the target load balancer. A side panel should show up in the right hand side. Please click the ADD PRINCIPAL button.

Image description

Then add accounts that you want to let access to your Cloud Run service and set the IAP-secured Web App User as the role. Click SAVE.

Image description

You should see the IAP-secured Web App User section in Role / Principal list at the bottom of the right panel.
Image description

Lastly, please make sure that your Cloud Run service requires authentication to access.

Image description

That's it! Now your Cloud Run service rejects access other than by users with your Google Workspace accounts. The steps are pretty simple but adding principal / role is the step that it's easy to forgot.

Postmark Image

Speedy emails, satisfied customers

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up

Top comments (0)

Image of Docusign

🛠️ Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more