Connecting to Google Cloud services

This page lists Google Cloud services that work well with Cloud Run and those that are not-yet supported for the fully managed version of Cloud Run. Cloud Run for Anthos on Google Cloud can use any service that Google Kubernetes Engine can use.

Connecting to Google Cloud services in code

You can use Cloud Run with the supported Google Cloud services using the client libraries they provide. For code samples showing how to connect with a particular Google Cloud service, refer to the documentation provided for that Google Cloud service.

You do not need to provide credentials manually inside Cloud Run (fully managed) container instances when using the Google Cloud client libraries.

Note that Cloud Run (fully managed) uses a default runtime service account that has the Project > Editor role, which means it is able to call all Google Cloud APIs and have read and write access on all resources in your Google Cloud project. You can restrict this by assigning a service account with a minimal set of permissions to your Cloud Run services. For example, if your Cloud Run service is only reading data from Firestore, we recommend assigning it a service account that only has the Firestore User IAM role.

The following table lists services recommended for Cloud Run (fully managed). These services also work well with Cloud Run for Anthos on Google Cloud, but in addition, Cloud Run for Anthos on Google Cloud can use any service that Google Kubernetes Engine can use.

Service Description
Cloud Build Build container images, continuous integration and delivery.
Container Registry Store container images.
Artifact Registry Store container images.
Google Cloud's operations suite Monitoring and logging of Cloud Run services.
Firestore Fully managed NoSQL database.
Cloud Spanner Fully managed, scalable, relational database.
Cloud SQL Fully managed relational database. Refer to Connecting to Cloud SQL instances.
Cloud Storage Object storage. Store objects and serve static content.
Pub/Sub Push events to Cloud Run services. Refer to the Using Pub/Sub with Cloud Run Tutorial.
Cloud Scheduler Trigger Cloud Run services on a schedule.
Cloud Tasks Execute asynchronous tasks on Cloud Run. Refer to HTTP Target tasks with authentication tokens.
Identity Platform Login your users.
Secret Manager Create and access secrets.
BigQuery Fully managed cloud data warehouse for analytics.
Firebase Hosting Fully managed hosting service for static and dynamic content with configurable CDN caching.
Cloud Endpoints (Beta) API management including routing, authentication, API keys, rate limiting, and quota. Endpoints for Cloud Run are in Beta.
Virtual Private Cloud Managed networking functionality for your Google Cloud resources. Refer to Connecting to a VPC network.
Memorystore Fully managed in-memory data store service. Connect to your VPC network to access Memorystore instances: refer to Connecting to a VPC network.
Cloud Load Balancing (Beta) HTTP(S) Load Balancing support for Cloud Run (fully managed) is in Beta. Use serverless NEGs to configure a Cloud Run (fully managed) backend for an external HTTP(S) load balancer.
Google Cloud Armor (Beta) Google Cloud Armor can be configured using HTTP(S) Load Balancing. Support for Cloud Run (fully managed) is in Beta. Note that traffic cannot yet be restricted to Cloud Load Balancing.
Cloud CDN (Beta) Cloud CDN is supported via HTTP(S) Load Balancing. Support for Cloud Run (fully managed) is in Beta.

Services not yet supported

The following table lists services that are not yet supported by Cloud Run (fully managed). Note that Cloud Run for Anthos on Google Cloud can use any service that Google Kubernetes Engine can use.

Service Notes
Filestore (NAS) Filestore is not Firestore, which is supported.
Identity-Aware Proxy
VPC Service Controls
Cloud Asset Inventory
Web Security Scanner