Add IAM member for unauthenticated access and update ingress settings

max-ostapenko · max-ostapenko · commit 686e4e919e0e · 2025-12-07T01:21:50.000+01:00
diff --git a/terraform/modules/run-service/main.tf b/terraform/modules/run-service/main.tf
@@ -92,3 +92,11 @@ resource "google_cloud_run_v2_service_iam_member" "api_gw_variable_service_accou
   role     = "roles/run.invoker"
   member   = "serviceAccount:${var.service_account_api_gateway}"
 }
+
+resource "google_cloud_run_v2_service_iam_member" "allow_unauthenticated" {
+  project  = var.project
+  location = var.region
+  name     = data.google_cloud_run_service.run-service.name
+  role     = "roles/run.invoker"
+  member   = "allUsers"
+}
diff --git a/terraform/modules/run-service/variables.tf b/terraform/modules/run-service/variables.tf
@@ -33,7 +33,7 @@ variable "available_cpu" {
 }
 variable "ingress_settings" {
   type        = string
-  default     = "ALLOW_ALL"
+  default     = "ALLOW_INTERNAL_AND_GCLB"
   description = "String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function."
 }
 variable "vpc_connector_egress_settings" {

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ variable "available_cpu" {`
`33`	`33`	`}`
`34`	`34`	`variable "ingress_settings" {`
`35`	`35`	`type = string`
`36`		`- default = "ALLOW_ALL"`
	`36`	`+ default = "ALLOW_INTERNAL_AND_GCLB"`
`37`	`37`	`description = "String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL, ALLOW_INTERNAL_AND_GCLB and ALLOW_INTERNAL_ONLY. Check ingress documentation to see the impact of each settings value. Changes to this field will recreate the cloud function."`
`38`	`38`	`}`
`39`	`39`	`variable "vpc_connector_egress_settings" {`