Securing Google Cloud Functions

Access control is granted on a per-function basis via Cloud IAM. This allows for access control over two sets of actions:

Developer operations: creating, updating, and deleting functions, as well as managing access to functions.
Function invocation: causing a function to be executed.

Functions also have their own identity, which is used when calling Google Cloud services or other functions. The permissions associated with this identity can be restricted in order to give functions least privilege access.

Securing Google Cloud Functions

Authenticating to functions

Learn how to authenticate developers, functions, and end-users to your functions.
Managing access to functions

Learn how to manage developer, function, and end-user access to your functions.
Understanding function identity

Learn about what identity your function runs as and how to configure it.

Was this page helpful? Let us know how we did:

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Securing Google Cloud Functions

Authenticating to functions

Managing access to functions

Understanding function identity

Send feedback about...