Hello all,
I’m experimenting with this “new thing” - at least for me - Ai agents. So it’s just an experiment.
So I set up a Cloud Sql instance with a database with some “client” data. I connected that to a Cloud Run instance. When I browse to the Cloud Run url, I indeed see user data. So far so good.
Then I went to Vertex AI studio an created an agent with the tools Google search and url context. When I then ask the agent questions like “ give me the names of our clients” it indicates It cannot acces the url possibly because Cloud Run accepts requests from a “normal “browser but not from Vertex AI.
What coud I do to make this work?
Greetings, j.
Hey, yeah I’ve actually run into a very similar confusion when I first started mixing Cloud Run with Vertex AI stuff.
What you’re seeing makes sense — Cloud Run works fine in browser because it’s basically just HTTP access, but Vertex AI agents don’t behave like a normal browser, so auth / access control becomes the real blocker here.
I faced something similar when I was testing APIs behind Cloud Run — everything worked in Postman, but failed from agent/tool calls because of permissions and identity mismatch.
What worked for me:
-
Make sure Cloud Run is not just “unauthenticated public URL” blindly exposed, but properly configured with service-to-service auth
-
Use IAM service accounts so Vertex AI can “call” Cloud Run as a trusted identity
-
Double-check if your endpoint expects headers that the agent isn’t sending by default
Not 100% sure in every setup, but usually it’s auth + missing service account binding issue.
I’ve seen similar integration patterns while experimenting inFlixfox backend automation flows too.
Are you using public Cloud Run URL or IAM-secured one right now?
Hello,
thanks for your reply.
I am using public Cloud Run at the moment.
Greetings, j.