Allowing public (unauthenticated) access

Use this option if your service is a public API or website.

You can allow unauthenticated invocations to a service by assigning the IAM Cloud Run Invoker role to the allUsers member type, at any time using the console or the gcloud command line:

Console UI

When creating a new service, you can allow unauthenticated invocations by checking the checkbox labelled Allow unauthenticated invocations.

To allow unauthenticated invocations for an existing service:

  1. Go to the Google Cloud Platform Console:

    Go to Google Cloud Platform Console

  2. Select the service you want to make public.

  3. Click Show Info Panel in the top right corner to show the Permissions tab.

  4. In the Add members field, allUsers

  5. Select the Cloud Run Invoker role from the Select a role drop-down menu.

  6. Click Add.

GCloud

When creating a new service with gcloud run deploy, you are prompted to "Allow unauthenticated access".

Alternatively, when you use the gcloud run deploy command, you can specify explicitly whether or not to make your service publicly accessible:

gcloud run deploy SERVICE_NAME ... --allow-unauthenticated

To allow unauthenticated invocations for an existing service, grant the special allUsers member type the roles/run.invoker role on the service:

  gcloud run services add-iam-policy-binding SERVICE_NAME \
    --member="allUsers" \
    --role="roles/run.invoker"
Oliko tästä sivusta apua? Kerro mielipiteesi

Palautteen aihe:

Tämä sivu
Cloud Run Documentation