Use this option if your service is a public API or website.
You can allow unauthenticated invocations to a service by assigning the IAM
Cloud Run Invoker role to the
allUsers member type, at any time using
the console or the gcloud command line:
When creating a new service, you can allow unauthenticated invocations by checking the checkbox labelled Allow unauthenticated invocations.
To allow unauthenticated invocations for an existing service:
Go to the Google Cloud Console:
Select the service you want to make public.
Click Show Info Panel in the top right corner to show the Permissions tab.
In the Add members field,
Select the Cloud Run Invoker role from the Select a role drop-down menu.
When creating a new service with
gcloud run deploy, you are
prompted to "Allow unauthenticated access".
Alternatively, when you use the
gcloud run deploy command, you can
specify explicitly whether or not to make your service publicly accessible:
gcloud run deploy SERVICE ... --allow-unauthenticated
To allow unauthenticated invocations for an existing service, grant the
allUsers member type the
roles/run.invoker role on the service:
gcloud run services add-iam-policy-binding SERVICE \ --member="allUsers" \ --role="roles/run.invoker"
Create a file named
policy.yaml with the following content:
bindings: - members: - allUsers role: roles/run.invoker
Allow unauthenticated invocations for the existing SERVICE using:
gcloud run services set-iam-policy SERVICE policy.yaml