Servizi Cloud Run sicuri
Mantieni tutto organizzato con le raccolte
Salva e classifica i contenuti in base alle tue preferenze.
Crea due servizi: uno per il frontend pubblico e l'altro per il backend sicuro. Utilizza i criteri IAM per configurare l'accesso.
Esempio di codice
Salvo quando diversamente specificato, i contenuti di questa pagina sono concessi in base alla licenza Creative Commons Attribution 4.0, mentre gli esempi di codice sono concessi in base alla licenza Apache 2.0. Per ulteriori dettagli, consulta le norme del sito di Google Developers. Java è un marchio registrato di Oracle e/o delle sue consociate.
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema è stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Difficile da capire","hardToUnderstand","thumb-down"],["Informazioni o codice di esempio errati","incorrectInformationOrSampleCode","thumb-down"],["Mancano le informazioni o gli esempi di cui ho bisogno","missingTheInformationSamplesINeed","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Altra","otherDown","thumb-down"]],[],[],[],null,["# Secure Cloud Run services\n\nCreate two services; one a public front end, the other a secure backend. Uses IAM policies to configure access.\n\nCode sample\n-----------\n\n### Terraform\n\n\nTo learn how to apply or remove a Terraform configuration, see\n[Basic Terraform commands](/docs/terraform/basic-commands).\n\n\nFor more information, see the\n[Terraform provider reference documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs).\n\n resource \"google_cloud_run_v2_service\" \"renderer\" {\n name = \"renderer\"\n location = \"us-central1\"\n\n deletion_protection = false # set to \"true\" in production\n\n template {\n containers {\n # Replace with the URL of your Secure Services \u003e Renderer image.\n # gcr.io/\u003cPROJECT_ID\u003e/renderer\n image = \"us-docker.pkg.dev/cloudrun/container/hello\"\n }\n service_account = google_service_account.renderer.email\n }\n }\n\n resource \"google_cloud_run_v2_service\" \"editor\" {\n name = \"editor\"\n location = \"us-central1\"\n\n deletion_protection = false # set to \"true\" in production\n\n template {\n containers {\n # Replace with the URL of your Secure Services \u003e Editor image.\n # gcr.io/\u003cPROJECT_ID\u003e/editor\n image = \"us-docker.pkg.dev/cloudrun/container/hello\"\n env {\n name = \"EDITOR_UPSTREAM_RENDER_URL\"\n value = google_cloud_run_v2_service.renderer.uri\n }\n }\n service_account = google_service_account.editor.email\n\n }\n }\n\n resource \"google_service_account\" \"renderer\" {\n account_id = \"renderer-identity\"\n display_name = \"Service identity of the Renderer (Backend) service.\"\n }\n\n resource \"google_service_account\" \"editor\" {\n account_id = \"editor-identity\"\n display_name = \"Service identity of the Editor (Frontend) service.\"\n }\n\n resource \"google_cloud_run_service_iam_member\" \"editor_invokes_renderer\" {\n location = google_cloud_run_v2_service.renderer.location\n service = google_cloud_run_v2_service.renderer.name\n role = \"roles/run.invoker\"\n member = \"serviceAccount:${google_service_account.editor.email}\"\n }\n\n data \"google_iam_policy\" \"noauth\" {\n binding {\n role = \"roles/run.invoker\"\n members = [\n \"allUsers\",\n ]\n }\n }\n\n resource \"google_cloud_run_service_iam_policy\" \"noauth\" {\n location = google_cloud_run_v2_service.editor.location\n project = google_cloud_run_v2_service.editor.project\n service = google_cloud_run_v2_service.editor.name\n\n policy_data = data.google_iam_policy.noauth.policy_data\n }\n\n output \"backend_url\" {\n value = google_cloud_run_v2_service.renderer.uri\n }\n\n output \"frontend_url\" {\n value = google_cloud_run_v2_service.editor.uri\n }\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=cloudrun)."]]
