
Run the Cerbos PDP on Compute Engine VMs as a standalone binary or container alongside your application workloads.
Run Cerbos as a native binary managed by systemd or as a Docker container on your Compute Engine VMs
Scale Cerbos automatically with Managed Instance Groups, each instance runs independently
Use GCP service accounts to grant Cerbos access to policy sources stored in Google Cloud services
Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.
Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.
Deploying Cerbos via Google Cloud Compute Engine gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.
Download the Cerbos binary onto your VM and run it as a systemd service, or use Docker to run the official Cerbos container image. Configure your policy source and expose the gRPC and HTTP ports.
No. Cerbos is a single static binary with no external dependencies. It requires no database or message queue. Policies load from the filesystem, a Git repository, or Cerbos Hub.
Run Cerbos on multiple VMs behind a Cloud Load Balancer. Cerbos is stateless, so each instance operates independently with no coordination required. Use Managed Instance Groups for automatic scaling.



What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.