Domain 3.3: Deploying Cloud Run and Cloud Functions — GCP ACE Practice Question 26

How to approach this question

Identify the native IAM role used to control access to Cloud Run services.

Full Answer

B.Deploy the service without the --allow-unauthenticated flag and grant the roles/run.invoker role only to authorized identities.✓ Correct

By default, Cloud Run services are secure and require authentication. You must explicitly grant the `roles/run.invoker` IAM role to users, groups, or service accounts that need to access the service. Using the `--allow-unauthenticated` flag grants this role to `allUsers`, making it public.

Common mistakes

Thinking VPC firewall rules apply directly to public Cloud Run endpoints.

You are deploying a container image to Cloud Run. You want to ensure that unauthenticated users cannot access the service. How should you configure the deployment?

How to approach this question

Full Answer

Common mistakes

Practice the full GCP Associate Cloud Engineer Practice Exam 1

More questions from this exam