Menu
I'm developing an app using GCP managed Cloud Run and MongoDB Atlas. If I allow connection from anywhere for IP Whitelist of Atlas, Cloud Run perfectly works well with MongoDB Atlas. However, I want to restrict connection only for necessary IPs but I cloud't find outbound IPs of Cloud Run. Any way to know the outbound IPs?
258
By default, a Cloud Run service connects to external endpoints on the internet using a dynamic IP address pool.
Outbound services, such as the URL Fetch, Sockets, and Mail APIs, make use of a large pool of IP addresses. The IP address ranges in this pool are subject to routine changes. In fact, two sequential API calls from the same application may appear to originate from two different IP addresses.
Type "ipconfig" in the command prompt window and take note of the IP address displayed. If you have multiple network ports in use, like an Ethernet port and a Wi-Fi adaptor, you may see more than one. On a macOS or Linux system, you can use the similarly named "ifconfig" command line tool for the same purpose.
An external IP address is a publicly routed IP address. You can assign an external IP address to the network interface of a Google Cloud VM. External IP address. External IP addresses are publicly advertised, meaning they are reachable by any host on the internet.
Update (October 2020): Cloud Run has now launched VPC egress feature that lets you configure a static IP for outbound requests through Cloud NAT. You can follow this step by step guide in the documentation to configure a static IP to whitelist at MongoDB Atlas.
Until Cloud Run starts supporting Cloud NAT or Serverless VPC Access, unfortunately this is not supported.
As @Steren has mentioned, you can create a SOCKS proxy by running a ssh client that routes the traffic through a GCE VM instance that has a static external IP address.
I have blogged about it here: https://ahmet.im/blog/cloud-run-static-ip/, and you can find step-by-step instructions with a working example at: https://github.com/ahmetb/cloud-run-static-outbound-ip
109
Cloud Run (like all scalable serverless products) does not give you dedicated IP addresses that are known to be the origination of outgoing traffic. See also: Possible to get static IP address for Google Cloud Functions?
23
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
