
Cloud Run with external load balancing + require authentication

Hi guys,

I'm encountering an issue with my Cloud Run application.

The application works correctly when invoked by a user or instance with the "roles/run.invoker" permission. However, I now need to call this service from Azure Bot Services, which is an external service.

To expose my service to Azure Bot Services, I've configured an external Application Load Balancer with a serverless NEG backend pointing to my Cloud Run service. The problem is, when I try to access the ELB's external IP address, I receive the following error: "Error: Forbidden Your client does not have permission to get URL / from this server."

My research indicates that I might need to allow unauthenticated invocations for the Cloud Run service. However, an organizational policy prevents me from doing this.

Is there an alternative method to achieve my goal of calling the Cloud Run service from an external service like Azure Bot Services without allowing unauthenticated invocations?





Hi @M4theus-r0ss1

To solve this without allowing unauthenticated access, you may use Identity-Aware Proxy (IAP) for authentication. Set up IAP on your Cloud Run service so it only accepts authenticated requests. Here’s how to do it. This should let you keep your service private while still allowing Azure Bot Services to connect.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.
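One way to wire up the IAP setup this answer describes, as an added example that is not part of the thread: it builds the gcloud commands that put IAP on the load balancer's backend service and let only IAP's service agent invoke the Cloud Run service. The project, region, service, backend and caller names are placeholders, and it assumes the load balancer and serverless NEG from the question already exist.

```shell
# Added example: IAP in front of Cloud Run behind an existing external ALB.
# Every value below is a placeholder (assumption), not taken from the thread.
PROJECT_ID="${PROJECT_ID:-my-project}"
PROJECT_NUMBER="${PROJECT_NUMBER:-123456789012}"
REGION="${REGION:-us-central1}"
RUN_SERVICE="${RUN_SERVICE:-my-service}"
BACKEND_SERVICE="${BACKEND_SERVICE:-my-backend}"
CALLER="${CALLER:-serviceAccount:bot-caller@my-project.iam.gserviceaccount.com}"

# IAP's per-project service agent: the identity that forwards requests to Cloud Run.
iap_agent() {
  printf 'serviceAccount:service-%s@gcp-sa-iap.iam.gserviceaccount.com' "$1"
}

# Emit the gcloud commands, one per line, in the order they are applied:
# create the agent, let it invoke the service, restrict ingress to the LB,
# enable IAP on the backend, then grant the caller access through IAP.
iap_plan() {
  agent="$(iap_agent "$PROJECT_NUMBER")"
  cat <<EOF
gcloud beta services identity create --service=iap.googleapis.com --project=$PROJECT_ID
gcloud run services add-iam-policy-binding $RUN_SERVICE --region=$REGION --project=$PROJECT_ID --member=$agent --role=roles/run.invoker
gcloud run services update $RUN_SERVICE --region=$REGION --project=$PROJECT_ID --ingress=internal-and-cloud-load-balancing
gcloud compute backend-services update $BACKEND_SERVICE --global --project=$PROJECT_ID --iap=enabled
gcloud iap web add-iam-policy-binding --resource-type=backend-services --service=$BACKEND_SERVICE --project=$PROJECT_ID --member=$CALLER --role=roles/iap.httpsResourceAccessor
EOF
}

# Guard: the plan must never open the service to unauthenticated principals.
plan_is_private() {
  ! iap_plan | grep -Eq 'allUsers|allAuthenticatedUsers|--allow-unauthenticated'
}

# Default is a dry run that prints each command; APPLY=1 executes them.
apply_plan() {
  iap_plan | while IFS= read -r cmd; do
    if [ "${APPLY:-0}" = 1 ]; then sh -c "$cmd"; else echo "+ $cmd"; fi
  done
}

plan_is_private && apply_plan
```

Run as written, it only prints the commands; set `APPLY=1` to execute them with an authenticated gcloud.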