Connect to Google Cloud services

Stay organized with collections Save and categorize content based on your preferences.

This page lists Google Cloud services that work well with Cloud Run and those that are not-yet supported for Cloud Run. It also briefly describes accessing services in your code and describes the integrations feature that simplifies the use of select services.

Connecting to Google Cloud services in code

You can use Cloud Run with the supported Google Cloud services using the client libraries they provide. For code samples showing how to connect with a particular Google Cloud service, refer to the documentation provided for that Google Cloud service.

You do not need to provide credentials manually inside Cloud Run container instances when using the Google Cloud client libraries.

Note that Cloud Run uses a default runtime service account that has the Project > Editor role, which means it is able to call all Google Cloud APIs and have read and write access on all resources in your Google Cloud project. You can restrict this by assigning a service account with a minimal set of permissions to your Cloud Run services. For example, if your Cloud Run service is only reading data from Firestore, we recommend assigning it a service account that only has the Firestore User IAM role.

Integrations

The integrations feature provides a simple Google Cloud console UI and Google Cloud CLI that create and configure the resources and services needed for the specific integration, eliminating the complicated steps that would otherwise be required.

Integrations are currently supported for the following usages:

More integrations are expected to be rolled out in the future.

The following table lists services recommended for Cloud Run.

Tools

Service Description
Cloud Build Build container images, continuous integration and delivery.
Artifact Registry Store container images.
Google Cloud's operations suite Monitoring and logging of Cloud Run services.

Data storage

Service Description
Firestore Fully managed NoSQL database.
Cloud Spanner Fully managed, scalable, relational database.
Cloud SQL Fully managed relational database. Refer to Connecting to Cloud SQL instances.
Cloud Storage Object storage. Store objects and serve static content.
Memorystore Fully managed in-memory data store service. Connect to your VPC network to access Memorystore instances. Refer to Connecting to a Redis instance from a Cloud Run service.
BigQuery Fully managed cloud data warehouse for analytics. Cloud Run services can be used to implement custom BigQuery remote functions.
Secret Manager Create and access secrets.
Filestore Fully managed NFS file servers on Google Cloud

Orchestration

Service Description
Pub/Sub Push events to Cloud Run services. Refer to the Using Pub/Sub with Cloud Run Tutorial.
Cloud Scheduler Trigger Cloud Run services on a schedule.
Cloud Tasks Execute asynchronous tasks on Cloud Run. Refer to HTTP Target tasks with authentication tokens.
Workflows Orchestrate and automate Cloud Run services.

Web-apps

Service Description
Identity Platform Login your users.
Firebase Hosting Fully managed hosting service for static and dynamic content with configurable CDN caching.

Networking

Service Description
Virtual Private Cloud Managed networking functionality for your Google Cloud resources. Refer to Connecting to a VPC network.
external HTTP(S) load balancer Use serverless NEGs to configure a Cloud Run backend for an external HTTP(S) load balancer.
internal HTTP(S) load balancer (Preview) Use serverless NEGs to run your Cloud Run services behind an internal IP address.
Google Cloud Armor Helps protect your applications and websites against denial of service and web attacks.
Cloud CDN Cloud CDN is supported via HTTP(S) Load Balancing.
API Gateway Fully managed API management including routing, authentication, API keys, rate limiting, and quota.

Security

Service Description
Identity-Aware Proxy (Preview) Use identity and context to guard access to your services.
Binary Authorization Deploy only container images that you trust.

Services not yet supported

The following table lists services that are not yet supported by Cloud Run.

Service Notes
Web Security Scanner