How do I set up domain-restricted sharing for Cloud Run services?
In this guide, we will set up domain-restricted sharing for a Cloud Run service using Pulumi. We will create a Cloud Run service and configure IAM policies to restrict access to users from a specific domain.
Key Points
- Create a Cloud Run service.
- Set up an IAM policy to restrict access to a specific domain.
- Use Pulumi to manage and deploy the infrastructure.
Code
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Define the Cloud Run service
const cloudRunService = new gcp.cloudrun.Service("my-service", {
    location: "us-central1",
    template: {
        spec: {
            containers: [{
                image: "gcr.io/cloudrun/hello",
            }],
        },
    },
});

// Define the IAM policy to restrict access to a specific domain.
// gcp.cloudrun.IamPolicy is authoritative: it replaces any IAM policy
// already attached to the service, so this binding is the whole policy.
const domainRestrictedIamPolicy = new gcp.cloudrun.IamPolicy("domain-restricted-policy", {
    location: cloudRunService.location,
    service: cloudRunService.name,
    policyData: pulumi.interpolate`{
        "bindings": [
            {
                "role": "roles/run.invoker",
                "members": [
                    "domain:example.com"
                ]
            }
        ]
    }`,
});

// Export the URL of the deployed service
export const serviceUrl = cloudRunService.statuses.apply(statuses => statuses[0].url);
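A check that can run in CI or review before a policy like the one above is applied, added here as an example and not part of the original Pulumi program: it parses a policy document in the same JSON shape as `policyData` and reports any `roles/run.invoker` member that is public or outside the allowed domains. The function name `auditInvokerMembers` and both sample policies are constructed for illustration.

```typescript
// Added example: audit a Cloud Run IAM policy document (same JSON shape as policyData).
interface Binding { role: string; members: string[]; }
interface IamPolicyDoc { bindings?: Binding[]; }

// Principals that open the service to callers outside any single domain.
const PUBLIC_MEMBERS = new Set(["allUsers", "allAuthenticatedUsers"]);

// Returns one finding per member of `role` that is public or outside allowedDomains.
function auditInvokerMembers(
  policyJson: string,
  allowedDomains: string[],
  role: string = "roles/run.invoker",
): string[] {
  const allowed = new Set(allowedDomains.map(d => d.toLowerCase()));
  const policy = JSON.parse(policyJson) as IamPolicyDoc;
  const findings: string[] = [];
  for (const binding of policy.bindings ?? []) {
    if (binding.role !== role) continue;
    for (const member of binding.members) {
      if (PUBLIC_MEMBERS.has(member)) {
        findings.push(`${member}: public principal`);
        continue;
      }
      const sep = member.indexOf(":");
      const kind = member.slice(0, sep);
      const value = member.slice(sep + 1).toLowerCase();
      // domain:example.com -> example.com; user:a@example.com -> example.com
      const domain = kind === "domain" ? value : value.slice(value.lastIndexOf("@") + 1);
      if (!allowed.has(domain)) findings.push(`${member}: outside allowed domains`);
    }
  }
  return findings;
}

// Constructed samples: the policy from this page, and a variant with extra members.
const pagePolicy = JSON.stringify({
  bindings: [{ role: "roles/run.invoker", members: ["domain:example.com"] }],
});
const driftedPolicy = JSON.stringify({
  bindings: [
    { role: "roles/run.invoker", members: ["domain:example.com", "allUsers", "user:dev@other.example"] },
    { role: "roles/run.admin", members: ["user:ops@other.example"] },
  ],
});
console.log(auditInvokerMembers(pagePolicy, ["example.com"]));
console.log(auditInvokerMembers(driftedPolicy, ["example.com"]));
```

Service accounts are flagged as well unless their domain is listed in `allowedDomains`, so add those explicitly if service-to-service callers are expected.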
Summary
We have set up a Cloud Run service with Pulumi and attached an IAM policy that grants roles/run.invoker only to domain:example.com. Because gcp.cloudrun.IamPolicy is authoritative, it replaces any IAM policy already set on the service, so only users from the specified domain can invoke the Cloud Run service.