Connect to Google Cloud services

This page lists Google Cloud services that work well with Cloud Run and those that are not yet supported for Cloud Run.

Connect to Google Cloud services in code

You can connect your Cloud Run service to Google Cloud services by using the client libraries they provide. For code samples showing how to connect with a particular Google Cloud service, refer to the documentation provided for that Google Cloud service.

To call Google Cloud APIs from your code, the Cloud Run service identity must have the minimal set of permissions to your Cloud Run services. For example, if your Cloud Run service is only reading data from Firestore, we recommend assigning it a service account that only has the Firestore User IAM role.

The Google Cloud environment uses Application Default Credentials (ADC) to automatically detect whether the Cloud Run service identity is authenticated to use the Google Cloud client libraries and perform the API operation.

The following table lists services recommended for Cloud Run.

Tools

Service Description
Cloud Build Build container images and continuous integration.
Artifact Registry Store container images.
Cloud Deploy Continuous delivery.
Google Cloud Observability Monitoring and logging of Cloud Run services.

Data storage

Service Description
Firestore Fully managed NoSQL database.
Spanner Fully managed, scalable, relational database.
Cloud SQL Fully managed relational database. Refer to Connecting to Cloud SQL instances.
Cloud Storage Object storage. Store objects and serve static content. Use Cloud Storage client libraries or mount Cloud Storage volumes
Memorystore Fully managed in-memory data store service. Connect to your VPC network to access Memorystore instances. Refer to Connecting to a Redis instance from a Cloud Run service.
BigQuery Fully managed cloud data warehouse for analytics. Cloud Run services can be used to implement custom BigQuery remote functions.
Secret Manager Create and access secrets.
Filestore Fully managed NFS file servers on Google Cloud

Orchestration

Service Description
Pub/Sub Push events to Cloud Run services. Refer to the Using Pub/Sub with Cloud Run Tutorial.
Cloud Scheduler Trigger Cloud Run services on a schedule.
Cloud Tasks Execute asynchronous tasks on Cloud Run. Refer to HTTP Target tasks with authentication tokens.
Workflows Orchestrate and automate Cloud Run services.

Web-apps

Service Description
Identity Platform Login your users.
Firebase Hosting Fully managed hosting service for static and dynamic content with configurable CDN caching.

Networking

Service Description
Virtual Private Cloud Managed networking functionality for your Google Cloud resources. Refer to Connecting to a VPC network.
External Application Load Balancer Use serverless NEGs to configure a Cloud Run backend for an external Application Load Balancer.
Internal Application Load Balancer Use serverless NEGs to run your Cloud Run services behind an internal IP address.
Google Cloud Armor Helps protect your applications and websites against denial of service and web attacks.
Cloud CDN Cloud CDN is supported with external Application Load Balancers.

Security

Service Description
Identity-Aware Proxy Use identity and context to guard access to your services.
Binary Authorization Deploy only container images that you trust.

Services not yet supported

The following table lists services that are not yet supported by Cloud Run.

Service Notes
Web Security Scanner
Container Threat Detection