Cloud Run Principle of Least Privilege // TRAIN BRAIN

Cloud Run Principle of Least Privilege

There are two security settings for Cloud Run services: what can trigger the service and what the service can do when it runs. Developers often forget about the latter, which can lead to lost data and cost overruns. Follow along as JK Gunnink shows Martin Omander how to tighten security by applying the Principle of Least Privilege to a Cloud Run service.
Chapters:
0:00 - Intro
0:52 - The two security settings in Cloud Run
3:08 - How to apply the principle
4:18 - Creating a service account
5:14 - Creating a new role
6:38 - Granting the role to the service account
7:12 - Naming
7:56 - Creating roles and service account at scale
8:52 - Wrap up
Resources:
Cloud Run access control → https://goo.gle/3UrDOA8
Naming section of the Enterprise foundations blueprint → https://goo.gle/3UU4WcC
Cloud Run Terraform module: → https://goo.gle/4bfSsl9
Checkout more episodes of Serverless Expeditions → https://goo.gle/ServerlessExpeditions
Subscribe to Google Cloud Tech → https://goo.gle/GoogleCloudTech
#ServerlessExpeditions

Google Cloud Tech

Helping you build what's next with secure infrastructure, developer tools, APIs, data analytics and machine learning....

Intelligent Search at scale with Spanner

How can theme parks use AI?

Safe RAG for LLMs

Gemini for Developers - AlloyDB

Is slow data holding you back?

Dataflow for Real-time ETL and Integration

Gemini + APIs = ⏱️?

Encryption with Cloud KMS Keys

Racing to the cloud with IoT

Introduction to Google Cloud Backup and DR

Supercharge your business with Dataflow

Dataflow for Real-time ML and Generative AI

Advice for devs new to AI

How are senior developers using AI?

AlloyDB - Columnar Engine in Action

Build AI chat apps on Google Cloud

? Ask your BigQuery questions with Gemini powered natural language

Google Mainframe Modernization - Refactor for Batch

Infrastructure as code

Safety first with the Vertex AI Gemini API

Enhancing GKE efficiency with Filestore multishares

Multimodal AI

Gemini 1.5 Flash: Unlock high-speed, affordable AI for your apps

Enhancing SRE with Gemini for Google Cloud

Gmail's Spanner Revolution - How Planet-Scale Infra Transformed Silently

Datastream how-to: Recovering a failed stream

Google Cloud Innovators

Service-Centric Cross-Cloud Network demo - AWS and Google Cloud

Getting started with Imagen 3

Photorealistic images from Imagen 3

VPC Firewall rules migration tool demo

Making Vertex AI the most enterprise-ready generative AI platform

Under the hood: Redefining vector search for generative AI application development

Scale your applications with Cloud SQL for MySQL

Accelerate analytics and semantic search in real-time with AlloyDB for PostgreSQL

Best practices to maximize the availability of your Cloud SQL databases

Migrate your Oracle/SQL server databases at-scale

Real-time operational data streaming for enabling analytics and generative AI apps using Datastream

Beyond PostgreSQL: Modernize your applications anywhere with AlloyDB Omni

Migrate enterprise-grade workloads to Cloud SQL for SQL Server

Generative AI application development best practices with Cloud SQL for PostgreSQL

Build an AI marketing platform and support tools with HighLevel and Firestore

Choose the right Google Cloud database for your workload

Troubleshoot and improve code readability with Gemini Code Assist

Claude 3.5 Sonnet meets Vertex AI: What you need to know

Google Cloud NAT with NGFWs advanced demo

Gemma 2: Unlock the power of open models

Introducing Gemma 2 for developers and researchers

Build beautiful and accessible webs pages quickly with Gemini Code Assist and Material Design

How Gemini and LangChain can supercharge your time series data

Choosing the right VM

Vertex AI networking patterns - PSC & Google APIs demo

AlloyDB trial clusters: your playground for PostgreSQL innovation

How to prompt Gemini Code Assist

Cross-Cloud Networking

Cross-Cloud Networking: VPC Networking

Simplified Google Cloud network security: Zero-trust and beyond

Orchestrate generative AI with Workflows

Troubleshoot cloud applications in the AI era

Getting started with Gemini on Vertex AI

Best practices to manage and automate on Compute Engine

Two Sigma: Push computing research boundaries with Google Cloud

Scalable advanced ML systems with Ray, Google Kubernetes Engine, and ML accelerators

Confidential computing and confidential accelerators for AI workloads

How to deploy programmable global front ends for internet-facing apps and content

What’s next for data analytics in the AI era

Accelerate AI ideas to production with Google’s Visual Blocks

Better together: Google Kubernetes Engine threat detection powered by Security Command Center

How Snapchat secures its services on multi-tenant Google Kubernetes Engine

Google Cloud databases in the gen AI era

Security, privacy, and governance considerations for using AI at scale

Cross-Cloud Networking: Hybrid Connectivity

Google Cloud launches Gemini 1.5 Flash!

Data security with AI powered agents

Hybrid Connectivity Networking with Google Cloud GKE Enterprise

Integrate the Cloud Code plugin for API management into your development strategy

Modern Edge AI experiences

Introducing Oracle Database@Google Cloud

Operationalize threat intelligence in Google Security Operations

Grounding in Gemini with Vertex AI Search