Add requireInvokerIam constraint to the polices to prevent public exposure of Cloud Run services

2025-03-31 18:19:12 +00:00
parent 925788b54a
commit bea36cb047
5 changed files with 27 additions and 5 deletions
--- a/fast/stages/0-bootstrap/data/org-policies-managed/serverless.yaml
+++ b/fast/stages/0-bootstrap/data/org-policies-managed/serverless.yaml
@@ -24,6 +24,10 @@ run.allowedIngress:
        values:
          - is:internal-and-cloud-load-balancing

+run.managed.requireInvokerIam:
+  rules:
+    - enforce: true
+
 # run.allowedVPCEgress:
 #   rules:
 #   - allow:
--- a/fast/stages/0-bootstrap/data/org-policies/serverless.yaml
+++ b/fast/stages/0-bootstrap/data/org-policies/serverless.yaml
@@ -24,6 +24,10 @@ run.allowedIngress:
        values:
          - is:internal-and-cloud-load-balancing

+run.managed.requireInvokerIam:
+  rules:
+    - enforce: true
+
 # run.allowedVPCEgress:
 #   rules:
 #   - allow: