When building out APIs on with Cloud Run, it’s easy to get lost in the fun of building and deploying and seeing your service running live without much thought to the rest of your cloud infrastructure. What permission does your service account that’s running in Cloud Run have access to? In this post I’ll show you how to secure your application with an example application that connects to a Firestore database with the application of the principle of least privilege.
Cloud Build is Google Cloud’s serverless CI tool for running ephemeral builds of code, tests and deployments. When using it to build Docker images, sometimes you’ll need to access private or protected resources which require authentication. But you don’t want to have to expose any keys in source code or as arguments to the container which could then be available to the build process, so how do you access these resources safely and securely?
Rust has been picking up a lot of interest in the last few years, and with the growing interest of serverless, there’s currently no native Rust-based offering of running rust on any of the major clouds, but with Cloud Run it’s able to run any container so I thought I’d throw together a quick getting started with serverless Rust on Google Cloud.
Introduction Following on from my previous post on OAuth with Gin and React, I wanted to write another same same but different style post where instead of having to maintain any backend code, all the user authentication is handled completely serverlessly (in true serverless addict fashion) and all on the frontend.