
Answer-first summary for fast verification
Answer: Configure separate Cloud Run services for the public and restricted microservices. Enable Identity-Aware Proxy (IAP) only for the restricted services, and configure the Cloud Run ingress settings to ‘Internal and Cloud Load Balancing’.
The correct approach is to separate public and restricted microservices into distinct Cloud Run services. Enabling Identity-Aware Proxy (IAP) only on restricted services ensures that authentication is enforced via Google identities. Public services should retain the default ingress setting (allowing all traffic), while restricted services use ingress settings compatible with IAP (e.g., 'Internal and Cloud Load Balancing'). IAP inherently handles authentication and authorization without requiring additional microservices or complex ACL management. Options A and B incorrectly apply IAP to all services, forcing authentication even for public ones. Option C introduces unnecessary complexity with Firebase rules. Option D minimizes overhead by leveraging IAP selectively and maintaining public access via standard Cloud Run configurations.
Author: LeetQuiz Editorial Team
How should you configure access for a Cloud Run-deployed web application with both public and authenticated-only microservices, ensuring maximum security with minimal management overhead? The solution must restrict certain services to Google-authenticated users while allowing public access to others.
A
Enable Identity-Aware Proxy (IAP) for all microservices. Develop a new microservice that checks the authentication requirements for each application and controls access to the respective services.
B
Enable Identity-Aware Proxy (IAP) for all microservices. Manage access control lists (ACLs) for the restricted services, and configure allAuthenticatedUsers access to the public services.
C
Use Cloud Endpoints with Firebase Authentication for all microservices. Configure Firebase rules to manage access control lists (ACLs) for each service, allowing access to the public services.
D
Configure separate Cloud Run services for the public and restricted microservices. Enable Identity-Aware Proxy (IAP) only for the restricted services, and configure the Cloud Run ingress settings to ‘Internal and Cloud Load Balancing’.