Disabling Unauthenticated Access to Cloud Run Services – API and User Interface with API Gateway and Cloud Storage

With the API Gateway working, you can now remove unauthenticated access to the Cloud Run services by revoking the roles/run.invoker role from allUsers from the Cloud Run service. This is because the API Gateway has the roles/run.invoker role to call the Cloud Run service on your behalf. This will also be the case for the […]

Deploying the UI Container to Cloud Run – API and User Interface with API Gateway and Cloud Storage

As the user interface container does not need any configuration, you do not need to configure any environment variables. It will also run without needing any additional permissions, so you do not need to configure any IAM roles. However, by default, it will use the default service account for the project which has more permissions […]

Creating a Secret in Secret Manager – Fact Service with Spring Boot, Cloud Run, and Cloud SQL

Before establishing a connection between the Cloud Run service and the Cloud SQL database, it’s necessary to create a secret in Secret Manager to safely store the database user’s password. Secret Manager is a secure and convenient solution provided by Google Cloud for managing sensitive information like passwords, API keys, and other secrets. It ensures […]

Implementation – Fact Service with Spring Boot, Cloud Run, and Cloud SQL

Let’s get hands-on and implement this project. Creating a New Spring Boot Project To create a new Spring Boot project, you can use the Spring Initializr. This is a web application that allows you to create a new Spring Boot project with several initial dependencies. You will use the following dependencies: This is a great […]

Solution – Fact Service with Spring Boot, Cloud Run, and Cloud SQL

When choosing how to implement this requirement, you need to answer several questions: Where to run the compute? For this service, you have a long-running process, so it is not suitable for Cloud Functions. You will be using Java and Spring Boot in a container, so the startup time will be several seconds when using […]

Securing – Skill Service with Cloud Run

As in Chapter 5 with Cloud Functions, this Cloud Run service is currently using a default service account with broad permissions. Cloud Run is also allowing unauthenticated invocations of the service. This may be OK for testing, but in a production environment, you would want to secure the service, and you will see how to […]