Hi Guys,
I have a Serverless VPC inside a shared VPC configured in my account; it's in a sub-project called shared-vpc.
In another sub-project, I deployed a Google Cloud Function in Python which uses Python's requests lib to perform HTTP REST to my Cloud Run container. My service on Cloud Run uses the same Serverless VPC as my Cloud Function and both (Cloud Run and Cloud Function) are set to Allow unauthenticated invocations.
In short, I want VPC(Cloud Function -> HTTP REST -> Cloud Run).
I don't want my service exposed to the internet, so I set it to only internal traffic and routed all traffic inside VPC (ingress and egress). I also put my Cloud Function inside VPC.
The problem: I can't call my Cloud Run service endpoint from my Cloud Function; it always returns Access Forbidden. Does anyone have tips or experience in similar cases? I also set multiple IAM permissions between projects to allow Function and Cloud Run to access VPC.