You have a web application deployed on Cloud Run that is accessible via an internet-facing Application Load Balancer. Your requirement is to restrict access so that only authorized users from your organization can reach the application through a browser, and the solution must support single sign-on (SSO). What is the correct approach?

Exam-Like

Change Cloud Run configuration to require authentication. Assign the role of Cloud Run Invoker to the group of privileged users.

Create a group of privileged users in Cloud Identity. Assign the role of Cloud Run User to the group directly on the Cloud Run service.

Change the Ingress Control configuration of Cloud Run to internal and create firewall rules to allow only access from known IP addresses.

Activate Identity-Aware Proxy (IAP) on the Application Load Balancer backend. Assign the role of IAP-secured Web App User to the group of privileged users.

Google Professional Cloud Security Engineer

Get started today

Comments