Disabling Unauthenticated Access to Cloud Run Services – API and User Interface with API Gateway and Cloud Storage

With the API Gateway working, you can now remove unauthenticated access to the Cloud Run services by revoking the roles/run.invoker role from allUsers from the Cloud Run service. This is because the API Gateway has the roles/run.invoker role to call the Cloud Run service on your behalf. This will also be the case for the […]

Deploying the UI Container to Cloud Run – API and User Interface with API Gateway and Cloud Storage

As the user interface container does not need any configuration, you do not need to configure any environment variables. It will also run without needing any additional permissions, so you do not need to configure any IAM roles. However, by default, it will use the default service account for the project which has more permissions […]

Requirements – API and User Interface with API Gateway and Cloud Storage

In previous chapters, you developed three separate Cloud Run services that collectively constitute the backend for the Skills Mapper application. While the benefit of this arrangement is that each service can be individually maintained and scaled, it has led to a somewhat fragmented system. Navigating this structure currently requires an understanding of which functionality is […]

Evaluation – Profile Service with Pub/Sub and Firestore

Let’s evaluate the solution in terms of cost. Overall, this is a low-cost solution; it is taking good advantage of cloud native services. The costs are broken down as follows. Firestore Firestore is a relatively cheap way to store data, as you are not paying for compute resources and are only storing small amounts of […]