Trigger with events

You can create an Eventarc trigger so that your Cloud Run service receives notifications of a specified event or set of events. By specifying filters for the trigger, you can configure the routing of the event, including the event source and the target Cloud Run service.

Events sent to your Cloud Run service are received in the form of HTTP requests.

The following event types trigger requests to your service:

This page shows you how to create a trigger through the Cloud Run console page.

You can also create an Eventarc trigger using the Google Cloud CLI or through the Eventarc console page.

Prepare to create a trigger

Before you create a trigger, complete these prerequisites:

  1. Eventarc uses a customer-provided service account as the identity of the trigger. Ensure that you grant the required roles and permissions to the trigger's service account.

    For example, to send events to a Cloud Run service that requires authentication, the service account for the Eventarc trigger must have the Cloud Run Invoker Identity and Access Management (IAM) role.

  2. If you are creating a trigger for a direct event from Cloud Storage, grant the pubsub.publisher role to the Cloud Storage service account:

    SERVICE_ACCOUNT="$(gsutil kms serviceaccount -p PROJECT_ID)"
    gcloud projects add-iam-policy-binding PROJECT_ID \
        --member="serviceAccount:${SERVICE_ACCOUNT}" \

    Replace PROJECT_ID with your Google Cloud project ID. You can find your project ID on the Dashboard page of the Google Cloud console.

Create a trigger through the console

You can use the Cloud Run console page to create triggers for Cloud Audit Logs and Pub/Sub event types. However, to create triggers for direct events (for example, from Cloud Storage or Firebase Alerts), you must use the gcloud CLI or the Eventarc console page.

  1. If necessary, enable the Eventarc API.

    Enable the API

  2. In the Google Cloud console, go to Cloud Run.

    Go to Cloud Run

  3. From the list of services, click an existing service, or create a new service.

  4. On the Service details page, click the Triggers tab.

  5. Click Add Eventarc trigger.

  6. In the Pick an event list, locate all the event providers and events that are supported.

    Add a trigger through the console

  7. Select an event provider and choose an event.

    For example, select Cloud Scheduler >

    You must identify what event to filter. See Determine event filters for Cloud Audit Logs.

  8. If you select the Cloud Pub/Sub topic event, you can select an existing topic or create a new topic for the trigger.

  9. Select one of the following:

    • Any resource—This is the default and includes dynamically created resources that have identifiers generated at creation time.

    • Specific resource—You must provide the full resource name. For example, type projects/_/buckets/eventarc-bucket/objects/random.txt.

  10. Specify a region to receive events from.

    Eventarc triggers are available in specific regions. To avoid any performance and data residency issues caused by a global trigger, Google recommends that the location match that of the Google Cloud service that is generating events.

  11. Select the Service account that invokes your Cloud Run service.

    Or, create a new service account.

    This specifies the IAM service account email associated with the trigger. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service.

  12. Optionally, specify the Service URL path to send the incoming request to.

    This is the relative path on the destination service to which the events for the trigger should be sent. For example: /, /route, route, route/subroute.

  13. After creating the trigger, verify its health by ensuring that there is a checkmark on the Triggers tab.

What's next