diff --git a/blueprints/serverless/cloud-run-corporate/README.md b/blueprints/serverless/cloud-run-corporate/README.md
index e3baaf166..84b30b84c 100644
--- a/blueprints/serverless/cloud-run-corporate/README.md
+++ b/blueprints/serverless/cloud-run-corporate/README.md
@@ -152,11 +152,11 @@ tf_identity = "[user or SA account]"
#### Use case 3.4
-Another possibility is for a project to be a Service Project with the Cloud Run service running in the Host Project, since this is also considered `"internal"` traffic. In this case a VPC SC perimeter is not needed.
+Another possibility is to use an architecture based on Shared VPC that allows direct service-to-service calls while ensuring all traffic stays within your private network. In this case a VPC SC perimeter is not needed.
-Note that the service project can't have a different DNS entry for the same domain, so it uses the DNS and PSC configuration of the host project. Set the following in `terraform.tfvars`:
+For simplicity, the two Cloud Run services are deployed in the same service project. To test access, VMs are created in the host and service projects. Note that the service project can't have a different DNS entry for the same domain, so it uses the DNS and PSC configuration of the host project. Set the following in `terraform.tfvars`:
```tfvars
prj_main_id = "[your-main-project-id]" # Used as host project
@@ -165,11 +165,11 @@ prj_svc1_id = "[your-service-project1-id]"
### Use case 4: Access to Cloud Run with custom domain
-You need to use a L7 ILB with Serverless NEGs (in Preview) to set a custom domain for Cloud Run. As a practical example, this blueprint deploys this configuration in a Shared VPC environment with two Cloud Run services running in service projects and the ILB exposing them via a custom domain, pointing to them through a URL map: `/cart` and `/checkout`.
+You need to use a L7 ILB with Serverless NEGs (in Preview) to set a custom domain for Cloud Run. As a practical example, this blueprint deploys this configuration in a Shared VPC environment with two Cloud Run services running in a service project and the ILB exposing them via a custom domain, pointing to them through a URL map: `/cart` and `/checkout`.
-For simplicity, both services are deployed in the same service project. Also, the blueprint uses an HTTP connection to the ILB to avoid management of SSL certificates. To test access, VMs are created in the host and service projects. Set the following in `terraform.tfvars`:
+The blueprint uses an HTTP connection to the ILB to avoid management of SSL certificates. To test access, VMs are created in the host and service projects. Set the following in `terraform.tfvars`:
```tfvars
prj_main_id = "[your-main-project-id]" # Used as host project
@@ -181,8 +181,6 @@ SSH into a test VM and run `curl` specifying as URL the host, your custom domain
-Note that the default URLs for both services are also output, and the PSC endpoint for the `*.run.app` domain from previous examples is still created. However, access to these URLs from both VMs in the host or service project is blocked since the requests come from a VPC network in a different project to the service.
-
## Cleaning up your environment
The easiest way to remove all the deployed resources is to run the following command:
@@ -196,22 +194,22 @@ The above command will delete the associated resources so there will be no billa
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [prj_main_id](variables.tf#L78) | Main Project ID. | string | ✓ | |
+| [prj_main_id](variables.tf#L79) | Main Project ID. | string | ✓ | |
| [access_policy](variables.tf#L17) | VPC SC access policy, if it exists. | string | | null |
| [access_policy_create](variables.tf#L23) | Parameters for the creation of a VPC SC access policy. | object({…}) | | null |
| [custom_domain](variables.tf#L32) | Custom domain for the Load Balancer. | string | | null |
| [image](variables.tf#L38) | Container image to deploy. | string | | "us-docker.pkg.dev/cloudrun/container/hello" |
| [ingress_settings](variables.tf#L44) | Ingress traffic sources allowed to call the service. | string | | "internal" |
-| [ip_ranges](variables.tf#L50) | IPs or IP ranges used by VPCs. | map(map(string)) | | {…} |
-| [prj_main_create](variables.tf#L69) | Parameters for the creation of the main project. | object({…}) | | null |
-| [prj_onprem_create](variables.tf#L83) | Parameters for the creation of an 'onprem' project. | object({…}) | | null |
-| [prj_onprem_id](variables.tf#L92) | Onprem Project ID. | string | | null |
-| [prj_prj1_create](variables.tf#L98) | Parameters for the creation of project 1. | object({…}) | | null |
-| [prj_prj1_id](variables.tf#L107) | Project 1 ID. | string | | null |
-| [prj_svc1_create](variables.tf#L113) | Parameters for the creation of service project 1. | object({…}) | | null |
-| [prj_svc1_id](variables.tf#L122) | Service Project 1 ID. | string | | null |
-| [region](variables.tf#L128) | Cloud region where resource will be deployed. | string | | "europe-west1" |
-| [tf_identity](variables.tf#L134) | Terraform identity to include in VPC SC perimeter. | string | | null |
+| [ip_ranges](variables.tf#L50) | IPs or IP ranges used by VPCs. | map(map(string)) | | {…} |
+| [prj_main_create](variables.tf#L70) | Parameters for the creation of the main project. | object({…}) | | null |
+| [prj_onprem_create](variables.tf#L84) | Parameters for the creation of an 'onprem' project. | object({…}) | | null |
+| [prj_onprem_id](variables.tf#L93) | Onprem Project ID. | string | | null |
+| [prj_prj1_create](variables.tf#L99) | Parameters for the creation of project 1. | object({…}) | | null |
+| [prj_prj1_id](variables.tf#L108) | Project 1 ID. | string | | null |
+| [prj_svc1_create](variables.tf#L114) | Parameters for the creation of service project 1. | object({…}) | | null |
+| [prj_svc1_id](variables.tf#L123) | Service Project 1 ID. | string | | null |
+| [region](variables.tf#L129) | Cloud region where resource will be deployed. | string | | "europe-west1" |
+| [tf_identity](variables.tf#L135) | Terraform identity to include in VPC SC perimeter. | string | | null |
## Outputs
diff --git a/blueprints/serverless/cloud-run-corporate/images/use-case-3.4.png b/blueprints/serverless/cloud-run-corporate/images/use-case-3.4.png
index 36f18be68..6cc334e8b 100644
Binary files a/blueprints/serverless/cloud-run-corporate/images/use-case-3.4.png and b/blueprints/serverless/cloud-run-corporate/images/use-case-3.4.png differ