Menu
I have an Angular web app i want to deploy using Google Cloud run. However I need the app be visible only from a list of predefined IP addresses.
Can I simply set the ip allow/deny rules under Google cloud platform firewall or do I need another method?
Thanks in advance,
Nico
258
Google is clear about this point:
Don't trust the network
By the way, the Google top priority in development don't rely on IP origin but on token for identity and authorization.
For Cloud Run, you have Google Front End (GFE) which act as proxy, check the authentication (in case of private Cloud Run), ensure that the SSL certificate is deployed and valid,... It's not possible to customize it with IP filtering
Even if you plug a Endpoint (ESP) gateway in front of your Cloud Run service, it is not possible to filter on IP among all the security method. The easiest for your should be to use API key, I wrote an article on this
In the futur, Cloud Run will be compliant with Loadbalancer. Not sure that will be enough for filtering IP.
All of this for telling you that, if you want to implement IP filtering in top of Cloud Run (and Cloud Function), you have to implement it by yourself.
131
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
