You have deployed an internal-only Cloud Run service named "image-processor" in the us-central1 region with authentication required. The service must run automatically whenever a new object is added to the existing Cloud Storage bucket gs://product-images. You want a fully managed, low-maintenance solution that follows Google-recommended practices. What should you do?
Deploy a 2nd-generation Cloud Function triggered by the bucket finalize event that sends an authenticated HTTP request to the Cloud Run endpoint.
Change the Cloud Run service to allow unauthenticated invocations and configure Cloud Storage change notifications to call the service URL when objects are created.
Enable Cloud Storage object change notifications, create a Pub/Sub topic, add a push subscription that posts to the Cloud Run URL, and grant the Pub/Sub service account the Cloud Run Invoker role.
Create an Eventarc trigger in us-central1 for the event type "google.cloud.storage.object.v1.finalized" on the product-images bucket and set the destination to the image-processor Cloud Run service, leaving authentication enabled.
Eventarc is the recommended way to route events from many Google Cloud sources, including Cloud Storage, directly to Cloud Run. Creating an Eventarc trigger of type "google.cloud.storage.object.v1.finalized" on the product-images bucket automatically provisions the necessary Pub/Sub topic and grants the Eventarc service account the Cloud Run Invoker role, so the Cloud Run service can stay protected by IAM-based authentication. Configuring Cloud Storage-generated Pub/Sub push subscriptions yourself or inserting a Cloud Function adds unnecessary components and operational overhead, while allowing unauthenticated access conflicts with the security requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Eventarc, and why is it recommended over Pub/Sub or Cloud Functions?
Open an interactive chat with Bash
What is the 'google.cloud.storage.object.v1.finalized' event type in Eventarc?
Open an interactive chat with Bash
How does IAM-based authentication work with Cloud Run and Eventarc?
Open an interactive chat with Bash
What is Eventarc, and how does it work in GCP?
Open an interactive chat with Bash
Why is Cloud Run authentication important, and how does Invoker role work?
Open an interactive chat with Bash
How is Eventarc different from using Pub/Sub directly for routing events?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Planning and implementing a cloud solution
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .