Asynchronous messaging across distributed systems comes with a promise of sorts: a “you give me this message, and I’ll take care of it” mentality that works well until it doesn’t. Anyone who’s worked on a large-scale system, or indeed any system, knows that there’s an inherent probability that the system will fail at some point for any number of unexpected reasons.
When building out APIs with Cloud Run, it’s easy to get lost in the fun of building, deploying and seeing your service running live without giving much thought to the rest of your cloud infrastructure. What permissions does the service account that’s running in Cloud Run have? In this post I’ll show you how to secure your application by applying the principle of least privilege, using an example application that connects to a Firestore database.
Cloud Build is Google Cloud’s serverless CI tool for running ephemeral builds of code, tests and deployments. When using it to build Docker images, sometimes you’ll need to access private or protected resources which require authentication. But you don’t want to expose any keys in source code or as arguments to the container, which could then be available to the build process, so how do you access these resources safely and securely?
Rust has been picking up a lot of interest in the last few years, alongside the growing interest in serverless. There’s currently no native offering for running Rust on any of the major clouds, but Cloud Run is able to run any container, so I thought I’d throw together a quick getting-started guide for serverless Rust on Google Cloud.