This page lists Google Cloud services that work well with Cloud Run and those that are not yet supported for Cloud Run.
Connect to Google Cloud services in code
You can connect your Cloud Run service to Google Cloud services by using the client libraries they provide. For code samples showing how to connect with a particular Google Cloud service, refer to the documentation provided for that Google Cloud service.
To call Google Cloud APIs from your code, the Cloud Run service identity must have the minimal set of permissions to your Cloud Run services. For example, if your Cloud Run service is only reading data from Firestore, we recommend assigning it a service account that only has the Firestore User IAM role.
The Google Cloud environment uses Application Default Credentials (ADC) to automatically detect whether the Cloud Run service identity is authenticated to use the Google Cloud client libraries and perform the API operation.
Services and tools recommended for use
The following table lists services recommended for Cloud Run.
Tools
| Service | Description |
|---|---|
| Cloud Build | Build container images and continuous integration. |
| Artifact Registry | Store container images. |
| Cloud Deploy | Continuous delivery. |
| Google Cloud Observability | Monitoring and logging of Cloud Run services. |
Data storage
| Service | Description |
|---|---|
| Firestore | Fully managed NoSQL database. |
| Spanner | Fully managed, scalable, relational database. |
| Cloud SQL | Fully managed relational database. Refer to Connecting to Cloud SQL instances. |
| Cloud Storage | Object storage. Store objects and serve static content. Use Cloud Storage client libraries or mount Cloud Storage volumes |
| Memorystore | Fully managed in-memory data store service. Connect to your VPC network to access Memorystore instances. Refer to Connecting to a Redis instance from a Cloud Run service. |
| BigQuery | Fully managed cloud data warehouse for analytics. Cloud Run services can be used to implement custom BigQuery remote functions. |
| Secret Manager | Create and access secrets. |
| Filestore | Fully managed NFS file servers on Google Cloud |
Orchestration
| Service | Description |
|---|---|
| Pub/Sub | Push events to Cloud Run services. Refer to the Using Pub/Sub with Cloud Run Tutorial. |
| Cloud Scheduler | Trigger Cloud Run services on a schedule. |
| Cloud Tasks | Execute asynchronous tasks on Cloud Run. Refer to HTTP Target tasks with authentication tokens. |
| Workflows | Orchestrate and automate Cloud Run services. |
Web-apps
| Service | Description |
|---|---|
| Identity Platform | Login your users. |
| Firebase Hosting | Fully managed hosting service for static and dynamic content with configurable CDN caching. |
Networking
| Service | Description |
|---|---|
| Virtual Private Cloud | Managed networking functionality for your Google Cloud resources. Refer to Connecting to a VPC network. |
| External Application Load Balancer | Use serverless NEGs to configure a Cloud Run backend for an external Application Load Balancer. |
| Internal Application Load Balancer | Use serverless NEGs to run your Cloud Run services behind an internal IP address. |
| Google Cloud Armor | Helps protect your applications and websites against denial of service and web attacks. |
| Cloud CDN | Cloud CDN is supported with external Application Load Balancers. |
Security
| Service | Description |
|---|---|
| Identity-Aware Proxy | Use identity and context to guard access to your services. |
| Binary Authorization | Deploy only container images that you trust. |
Services not yet supported
The following table lists services that are not yet supported by Cloud Run.
| Service | Notes |
|---|---|
| Web Security Scanner | |
| Container Threat Detection |