Stay organized with collections Save and categorize content based on your preferences.
Function IdentityThis page provides supplemental information for configuring function identity for functions created using the gcloud functions commands or the Cloud Functions v2 API.
If you've created or deployed functions using Cloud Run, see Introduction to service identity and Configure service identity for services for a detailed description of configuring service identity. Cloud Run refers to the function identity as the service identity.
For an introduction to the function identity concept, see the Cloud Run Introduction to service identity guide.
Add a user-managed service account at deploymentWhen deploying a function using gcloud functions deploy, add the --service-account flag. For example:
gcloud functions deploy FUNCTION_NAME --service-account SERVICE_ACCOUNT_EMAIL
Replace FUNCTION_NAME with your function name, and SERVICE_ACCOUNT_EMAIL with the service account email.
You can update the runtime service account of an existing function.
When deploying a function using gcloud functions deploy, add the --service-account flag:
gcloud functions deploy FUNCTION_NAME --service-account SERVICE_ACCOUNT_EMAIL
Replace FUNCTION_NAME with your function name, and SERVICE_ACCOUNT_EMAIL with the service account.
The redeployed function now uses the new runtime service account.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-07 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["Cloud Run functions utilize service accounts as their identity to access other Google Cloud resources, and each function should preferably be assigned a dedicated, user-managed service account."],["By default, Cloud Run functions use the project's default compute service account, which may have the Editor role unless an organization policy constraint is enforced to disable the automatic grant."],["For enhanced security, it's advised to either change the permissions of the default service account to less permissive roles, or create and use individual user-managed service accounts for each function, granting them the least privilege necessary."],["You can manage access by changing the default runtime service account permissions or create individual service accounts, and can connect a user-managed service account with your function during deployment or by updating an existing function."],["The Compute Metadata Server allows Cloud Run functions to fetch OpenID Connect ID tokens or OAuth 2.0 access tokens, which are necessary for interacting with services that require specific authentication methods."]]],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4