Hello,
I am deploying a cloudrun that should be accessed from a load balancer. As per my client's security requirements, they want the cloudrun to be private (aka require authentication to be invoked).
So I created my cloud run, my backend-neg, the load balancer backend & frontend with the proper SSL for my subdomain.
I gave the load balancer default service account "service-[PROJECT_NUMBER]@serverless-robot-prod.iam.gserviceaccount.com" access to said cloudrun in the IAM permissions.
No matter what I do, what LLM I use to ask for help, I always get 403 when I go to my domain & the cloudrun logs always display "The request was not authenticated. Either allow unauthenticated invocations or set the proper Authorization header. Read more at https://cloud.google.com/run/docs/securing/authenticating Additional troubleshooting documentation can be found at: https://cloud.google.com/run/docs/troubleshooting#unauthorized-client"
If I change my cloudrun configuration to allow unauthenticated invocations, it works just fine.
Please note that I am not trying to set up Identity Aware Proxy. There is no end user authentication here. I just need the load balancer to be able to connect to cloudrun through its own service account access.