I am trying to run a task within a cloud run service. The task will call an endpoint within another cloud run service, which currently returns status code: 403 when the task is executed within the queue.
Is there anyone who as faced such issue?
Per our docs this occurs due to an authentication issue.
To resolve this issue:
- If the service is meant to be invocable by anyone, update its IAM settings to make the service public.
- If the service is meant to be invocable only by certain identities, make sure that you invoke it with the proper authorization token.
- If invoked by a developer or invoked by an end user: Ensure the developer or user has the run.routes.invoke permission, which you can provide through the Cloud Run Admin (roles/run.admin) and Cloud Run Invoker (roles/run.invoker) role.
- If invoked by a service account: Ensure the service account is a member of the Cloud Run service and has the Cloud Run Invoker (roles/run.invoker) role.
- Calls missing an auth token or with an auth token that is of valid format, but the IAM member used to generate the token is missing run.routes.invoke permission this will result in this 403 error.