Google Cloud Run

Version: 1.0
Updated: Jun 3, 2026

Google Cloud Run is a fully managed serverless platform that lets you run stateless containers directly on top of Google's scalable infrastructure. Use this integration to inventory running services, manage access controls, and decommission services as part of automated response workflows.

Actions

• List Services (Enrichment) - List all Cloud Run services in a project and region to inventory what is currently running.
• Get Service (Enrichment) - Retrieve configuration and metadata for a specific Cloud Run service including its URL, revision, and status.
• Add Member To Role (Containment) - Add a member (user, service account, or group) to a specific IAM role on a Cloud Run service to grant invoke or admin access.
• Remove Member From Role (Containment) - Remove a member from a specific IAM role on a Cloud Run service to revoke access during incident response.
• Update Service IAM Policy (Containment) - Modify the IAM policy on a Cloud Run service to restrict or expand who can invoke it.
• Delete Service (Containment) - Permanently delete a Cloud Run service to decommission legacy or compromised workloads quickly.

Google Cloud Run configuration

Our Google Cloud Run integration supports two types of authentication: Service Account and WIF (Workload Identity Federation). We recommend using WIF since it is more secure and easier to manage. For more information, see Workload Identity Federation.

Required Sumo Logic details for WIF authentication

To configure the Google Cloud Run integration using WIF authentication, you need the following AWS details from Sumo Logic. These details are essential for setting up the Workload Identity Federation (WIF) credentials in Google Workspace:

• Deployment name is the unique name of your Sumo Logic deployment, for example, dub, fra, etc.
• Sumo Logic AWS account ID: 926226587429
• Sumo Logic AWS role: <deployment_name>-csoar-automation-gcpiam
• Sumo Logic AWS Lambda function: <deployment_name>-csoar-automation-gcpiam
• Full ARN: arn:aws:sts::926226587429:assumed-role/<deployment_name>-csoar-automation-gcpiam/<deployment_name>-csoar-automation-gcpiam

Workload Identity Federation (WIF) authentication

To create WIF credentials in Google Workspace needed to configure the Google Cloud Run integration, follow these steps:

1. Log in to the Google Cloud portal.
2. Select a Google Cloud project (or create a new one).
3. Go to API & Services.
4. Click ENABLED APIs AND SERVICES and search for Cloud Resource Manager API, IAM Service Account Credentials API, Identity and Access Management (IAM) API, Security Token Service API, Cloud Run API, and enable them all.
5. Go to IAM & Admin > Service Accounts page.
6. Click CREATE SERVICE ACCOUNT. A Service Account is required to access Google Cloud Run.
7. While creating the service account, in Permissions add the roles Service Account Token Creator, Cloud Run Admin, and Project IAM Admin, then click DONE.
   
8. Go to IAM & Admin > Workload Identity Federation page.
   
9. Click CREATE POOL, provide the details, and click CONTINUE.
   
10. Add Provider details. Select AWS as the provider type and provide the AWS Account ID supplied by Sumo Logic. Click CONTINUE and SAVE.
    
11. You will now see the created pool and provider.
    
12. Build a principal name to configure in Sumo Logic. The format is: principalSet://iam.googleapis.com/projects/{YourProjectID}/locations/global/workloadIdentityPools/{YourPoolName}/attribute.aws_role/arn:aws:sts::{SumoAWSAccountID}:assumed-role/{SumoAWSRole}/{SumoAWSLambdaFunction}.
13. Go to IAM & Admin > IAM page and click Grant Access to add a new principal.
14. In the New principals field, provide the principal name from the previous step and select the role Workload Identity User. Click SAVE.
    
15. Go to IAM & Admin > Workload Identity Federation page and select the pool created above.
16. Click Grant Access > Grant access using service account impersonation.
17. Select the service account created above, select the principle as aws_role, and provide the ARN arn:aws:sts::{SumoAWSAccountID}:assumed-role/{SumoAWSRole}, then click SAVE.
    
18. Again go to Grant Access > Grant access using service account impersonation. Select the service account created above. Select the principle as aws_role and provide the ARN arn:aws:sts::{SumoAWSAccountID}:assumed-role/{SumoAWSRole}/{SumoAWSLambdaFunction}. Click SAVE.
19. Download the WIF conf.json file. Make sure you save it in a safe place. Use the JSON content to configure the Google Cloud Run integration to use WIF authentication in Automation Service and Cloud SOAR.

Service Account authentication

To create service account credentials in Google Workspace needed to configure the Google Cloud Run integration, follow these steps:

1. Log in to the Google Cloud portal.
2. Select a Google Cloud project (or create a new one).
3. Go to API & Services > Credentials page.
4. Click ENABLED APIs AND SERVICES and search for Cloud Resource Manager API, IAM Service Account Credentials API, Identity and Access Management (IAM) API, Security Token Service API, Cloud Run API, and enable them.
5. Click CREATE CREDENTIALS and select Service Account.
   
6. Enter a service account name to display in the Google Cloud console. The Google Cloud console generates a service account ID based on this name.
7. (Optional) Enter a description of the service account.
8. Skip two optional grant permissions steps and click Done to complete the service account creation.
   
9. Click on the generated service account to open the details.
   
10. Under the KEYS tab, click ADD KEY and choose Create new key.
    
11. Click CREATE (make sure JSON is selected).
    
12. The JSON file is downloaded. Make sure you save it in a safe place.

Configure Google Cloud Run in Automation Service and Cloud SOAR

Before you can use this automation integration, you must configure its authentication settings so that the product you're integrating with can communicate with Sumo Logic. For general guidance, see Configure Authentication for Automation Integrations.

How to open the integration's configuration dialog

1. Access App Central and install the integration. (You can configure at installation, or after installation with the following steps.)
2. Go to the Integrations page.
   Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
   New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
3. Select the installed integration.
4. Hover over the resource name and click the Edit button that appears.
   

In the configuration dialog, enter information from the product you're integrating with. When done, click TEST to test the configuration, and click SAVE to save the configuration:

• Label. Enter the name you want to use for the resource.

• Authentication Type. Select the authentication type: Service Account Private Key Json or Workload Identity Federation Private Key json and provide the selected type JSON content.

• Scopes. Default scope is already added as https://www.googleapis.com/auth/cloud-platform. If not, add this scope.

• Project ID. Provide the Google Cloud Project ID where the Cloud Run actions will be performed.

• Automation Engine. Select Cloud execution for this certified integration. Select a bridge option only for a custom integration. See Cloud or Bridge execution.

• Proxy Options. Select whether to use a proxy. (Applies only if the automation engine uses a bridge instead of cloud execution.)

  • Use no proxy. Communication runs on the bridge and does not use a proxy.
  • Use default proxy. Use the default proxy for the bridge set up as described in Using a proxy.
  • Use different proxy. Use your own proxy service. Provide the proxy URL and port number.

For information about Google Cloud Run, see Google Cloud Run documentation.

Change Log

• June 3, 2026 (v1.0) - First upload