DEV Community 👩‍💻👨‍💻

Ryo Kuroyanagi
Ryo Kuroyanagi

Posted on

How to limit access to your Internal users with Cloud Run

Let me explain how to restrict access to Cloud Run other than by your internal users of Google Workspace. It's useful because we do not have to implement any login feature as our server implementation. I used this for our internal admin tool to shutout by external users.

Before you start, you need to setup a load balancer for your Cloud Run service and create OAuth consent screen. Please check my article if you have not set a load balancer up yet and check Configure the OAuth consent screen to create your OAuth consent screen.

Please go to Identity-Aware Proxy setting. You should see load balancers you have. Turn on IAP for your target load balancer which is connected to your target Cloud Run service.

Image description

Next, mark as checked the checkbox of the target load balancer. A side panel should show up in the right hand side. Please click the ADD PRINCIPAL button.

Image description

Then add accounts that you want to let access to your Cloud Run service and set the IAP-secured Web App User as the role. Click SAVE.

Image description

You should see the IAP-secured Web App User section in Role / Principal list at the bottom of the right panel.
Image description

Lastly, please make sure that your Cloud Run service requires authentication to access.

Image description

That's it! Now your Cloud Run service rejects access other than by users with your Google Workspace accounts. The steps are pretty simple but adding principal / role is the step that it's easy to forgot.

Top comments (0)

Make Your Github Profile Stand Out

Github is great, but have you considered how to make yours more attractive for potential employers or other visitors? Even non-tech ones like recruiters!

Take a couple of hours and show your best side as a person - and a programmer.