
How do I set up domain-restricted sharing for Cloud Run services?

In this guide, we will set up domain-restricted sharing for a Cloud Run service using Pulumi. We will create a Cloud Run service and configure IAM policies to restrict access to users from a specific domain.

Key Points

  • Create a Cloud Run service.
  • Set up an IAM policy to restrict access to a specific domain.
  • Use Pulumi to manage and deploy the infrastructure.

Code

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Define the Cloud Run service
const cloudRunService = new gcp.cloudrun.Service("my-service", {
    location: "us-central1",
    template: {
        spec: {
            containers: [{
                image: "gcr.io/cloudrun/hello",
            }],
        },
    },
});

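// Define the IAM policy to restrict access to a specific domain.
// gcp.cloudrun.IamPolicy is authoritative: it replaces any IAM policy already
// attached to the service, so the binding below becomes the complete policy.
// "domain:example.com" covers every account in that Google Workspace or
// Cloud Identity domain.
const domainRestrictedIamPolicy = new gcp.cloudrun.IamPolicy("domain-restricted-policy", {
    location: cloudRunService.location,
    service: cloudRunService.name,
    policyData: pulumi.interpolate`{
        "bindings": [
            {
                "role": "roles/run.invoker",
                "members": [
                    "domain:example.com"
                ]
            }
        ]
    }`,
});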

export const serviceUrl = cloudRunService.statuses.apply(statuses => statuses[0].url);

Summary

We have successfully set up a Cloud Run service and configured an IAM policy to restrict access to users from a specific domain using Pulumi. This allows only users from the specified domain to invoke the Cloud Run service.
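
A pre-deployment check for a policy document like the one above, as an added example that is not part of the original guide or of Pulumi's code. It flags any roles/run.invoker member that falls outside an allowlist of domains; the function name, the allowlist parameter and both sample policies are assumptions made for illustration, and service accounts are skipped for separate review.

```typescript
// Added example: audit a Cloud Run IAM policy document before deploying it.
// auditInvokerPolicy and both sample policies are constructed for illustration.
interface IamBinding { role: string; members: string[]; }
interface IamPolicyDoc { bindings?: IamBinding[]; }

const INVOKER_ROLE = "roles/run.invoker";

// Returns one finding per roles/run.invoker member that is not confined to
// allowedDomains. Unrecognised member strings are flagged (fail closed).
function auditInvokerPolicy(policyJson: string, allowedDomains: string[]): string[] {
    const allowed = new Set(allowedDomains.map(d => d.toLowerCase()));
    const policy: IamPolicyDoc = JSON.parse(policyJson);
    const findings: string[] = [];

    for (const binding of policy.bindings ?? []) {
        if (binding.role !== INVOKER_ROLE) continue;
        for (const member of binding.members) {
            if (member === "allUsers" || member === "allAuthenticatedUsers") {
                findings.push(`${member}: not restricted to any domain`);
                continue;
            }
            const sep = member.indexOf(":");
            const kind = member.slice(0, sep);
            const value = member.slice(sep + 1).toLowerCase();
            // Service accounts are workload identities; review them separately.
            if (kind === "serviceAccount") continue;
            // domain:example.com -> example.com; user:/group: -> part after "@"
            const domain = kind === "domain" ? value : value.slice(value.lastIndexOf("@") + 1);
            if (!allowed.has(domain)) {
                findings.push(`${member}: domain "${domain}" is not in the allowlist`);
            }
        }
    }
    return findings;
}

// Constructed samples: the guide's policy, and a deliberately loose variant.
const guidePolicy = JSON.stringify({
    bindings: [{ role: INVOKER_ROLE, members: ["domain:example.com"] }],
});
const loosePolicy = JSON.stringify({
    bindings: [{
        role: INVOKER_ROLE,
        members: ["domain:example.com", "allUsers", "user:alice@other.example"],
    }],
});

console.log(auditInvokerPolicy(guidePolicy, ["example.com"]));
console.log(auditInvokerPolicy(loosePolicy, ["example.com"]));
```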
