Securing Google Cloud Functions

By default, all functions are private, which means that only authenticated users who have been granted the proper permissions can create, update, delete, and invoke functions. Access control is granted on a per-function basis via Cloud IAM.

This allows for access control over two sets of actions:

  • Developer operations: creating, updating, and deleting functions, as well as managing access to functions.

  • Function invocation: administrators granting developers, other services, and end-users permission to invoke a function.

Functions also have their own identity, which is used when calling Google Cloud services or other functions. The permissions associated with this identity can be restricted in order to give functions least privilege access.

Hai trovato utile questa pagina? Facci sapere cosa ne pensi:

Invia feedback per...

Cloud Functions