0

Google Cloud Functions can be accessed publicly using their URL which has format like

https://<region>-<projectId>.cloudfunctions.net/<functionName>

Although, authentication can be set up so that only authorized entities can pass the authentication, which is described in https://cloud.google.com/functions/docs/securing/authenticating and https://cloud.google.com/functions/docs/securing/managing-access

Those who are not authorized would be given 403 error if no Authorization bearer token header is sent, or 401 error if Authorization bearer token is invalid.

But still, anyone who has the URL can make a call to the Cloud Function. They would get an error, but still would be able to access it.

Is it possible to restrict this public accessibility of Cloud Functions? Such that something they can only be accessed privately.

user5155835
  • 4,392
  • 4
  • 53
  • 97
  • Possible duplicate of [Restrict access to Google Cloud Functions to a given network?](https://stackoverflow.com/questions/43570358/restrict-access-to-google-cloud-functions-to-a-given-network) – Aleksi Aug 13 '19 at 06:09
  • As @guillaume stated in the answer, it is not possible to achieve that, so IAM is your way to go for now in order to restrict access to your Cloud Function. You can file a feature request in the public issue tracker, follow this [link](https://issuetracker.google.com/issues/new) to do so. – bhito Aug 13 '19 at 08:04

1 Answers1

2

No, it's not possible today, but it could change in the future.

Today, you have to rely on Google security. If your function requires authentication, it will be invoked only if the authentication is successful. By the way, you won't be charged in case of wrong call or ddos attack.

guillaume blaquiere
  • 66,369
  • 2
  • 47
  • 76