With the API Gateway working, you can now remove unauthenticated access to the Cloud Run services by revoking the roles/run.invoker role from allUsers from the Cloud Run service.
This is because the API Gateway has the roles/run.invoker role to call the Cloud Run service on your behalf. This will also be the case for the other services you added to the API Gateway.
Summary
You’ve successfully configured and exposed your Cloud Run services in a secure manner via an API Gateway. Furthermore, you’ve leveraged Cloud Storage to host the user interface.
For this project, you used the following services directly:
- OpenAPI is used to design and define the structure of the API, setting clear standards for its behavior.
- Cloud Run is used to host the UI in an NGINX container.
- Cloud Build is used to build the backend services for the UI via a Dockerfile, although you did not use it directly.
- Cloud Storage is used to host the static website content.
- API Gateway allowed you to expose the API to the internet securely and efficiently, enabling robust access to the backend services.
Coming Next
Now that all components of the Skills Mapper application are deployed, Part III introduces you to the key facilities. These include the laboratory, citadel, factory, and observatory. These facilities are vital for making an application like this manageable and operational.
In Chapter 11, you’ll discover how both the API and UI from this chapter can be fronted by a Global HTTP Load Balancer. This strategy will provide a unified, secure URL for accessing your application, thus enhancing its accessibility and usability.
You’ll also go on to explore how to address the inherent complexity of the system by automating the deployment process further. In addition, you will delve into ways to enhance observability, ensuring that you have clear insight into your application’s performance. Finally, I’ll discuss how to make your system production-ready, focusing on stability, performance, and security. Get ready for making your application robust, resilient, and production-worthy.