This page lists Google Cloud services that work well with Cloud Run and those that are not yet supported for Cloud Run. It also briefly describes accessing services in your code and describes the integrations feature that simplifies the use of select services.
Connecting to Google Cloud services in code
You can use Cloud Run with the supported Google Cloud services using the client libraries they provide. For code samples showing how to connect with a particular Google Cloud service, refer to the documentation provided for that Google Cloud service.
You do not need to provide credentials manually inside Cloud Run instances when using the Google Cloud client libraries.
Note that Cloud Run uses a default runtime service account that has the Project > Editor role, which means it is able to call all Google Cloud APIs and have read and write access on all resources in your Google Cloud project. You can restrict this by assigning a service account with a minimal set of permissions to your Cloud Run services. For example, if your Cloud Run service is only reading data from Firestore, we recommend assigning it a service account that only has the Firestore User IAM role.
The integrations feature provides a simple Google Cloud console UI and Google Cloud CLI that create and configure the resources and services needed for the specific integration, eliminating the complicated steps that would otherwise be required.
Integrations are currently supported for the following usages:
- Map custom domains to Cloud Run services using global external HTTP(S) load balancer
- Connect a Cloud Run service to Redis cache using Memorystore
- Connect a Cloud Run service to Firebase Hosting
More integrations are expected to be rolled out in the future.
Services and tools recommended for use
The following table lists services recommended for Cloud Run.
|Cloud Build||Build container images and continuous integration.|
|Artifact Registry||Store container images.|
|Google Cloud Deploy||Continuous delivery.|
|Google Cloud's operations suite||Monitoring and logging of Cloud Run services.|
|Firestore||Fully managed NoSQL database.|
|Cloud Spanner||Fully managed, scalable, relational database.|
|Cloud SQL||Fully managed relational database. Refer to Connecting to Cloud SQL instances.|
|Cloud Storage||Object storage. Store objects and serve static content.|
|Memorystore||Fully managed in-memory data store service. Connect to your VPC network to access Memorystore instances. Refer to Connecting to a Redis instance from a Cloud Run service.|
|BigQuery||Fully managed cloud data warehouse for analytics. Cloud Run services can be used to implement custom BigQuery remote functions.|
|Secret Manager||Create and access secrets.|
|Filestore||Fully managed NFS file servers on Google Cloud|
|Pub/Sub||Push events to Cloud Run services. Refer to the Using Pub/Sub with Cloud Run Tutorial.|
|Cloud Scheduler||Trigger Cloud Run services on a schedule.|
|Cloud Tasks||Execute asynchronous tasks on Cloud Run. Refer to HTTP Target tasks with authentication tokens.|
|Workflows||Orchestrate and automate Cloud Run services.|
|Identity Platform||Login your users.|
|Firebase Hosting||Fully managed hosting service for static and dynamic content with configurable CDN caching.|
|Virtual Private Cloud||Managed networking functionality for your Google Cloud resources. Refer to Connecting to a VPC network.|
|external HTTP(S) load balancer||Use serverless NEGs to configure a Cloud Run backend for an external HTTP(S) load balancer.|
|internal HTTP(S) load balancer (Preview)||Use serverless NEGs to run your Cloud Run services behind an internal IP address.|
|Google Cloud Armor||Helps protect your applications and websites against denial of service and web attacks.|
|Cloud CDN||Cloud CDN is supported with external HTTP(S) load balancers.|
|API Gateway||Fully managed API management including routing, authentication, API keys, rate limiting, and quota.|
|Identity-Aware Proxy||Use identity and context to guard access to your services.|
|Binary Authorization||Deploy only container images that you trust.|
Services not yet supported
The following table lists services that are not yet supported by Cloud Run.
|Web Security Scanner|
|Container Threat Detection|