All integrations
Google Cloud Run
Deployment

Deploy Cerbos on Google Cloud Run

Run the Cerbos PDP as a serverless container on Google Cloud Run with automatic scaling and per-request billing.

Serverless containers

Serverless containers

Deploy the Cerbos container image to Cloud Run with no cluster management or infrastructure provisioning

Automatic scaling

Automatic scaling

Cloud Run scales Cerbos instances based on request volume, including scaling to zero when idle

Per-request billing

Per-request billing

Pay only for the compute time consumed while processing authorization checks

What is Cerbos?

Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.

Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.

Deploying Cerbos via Google Cloud Run gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.

Policy-as-codeHuman-readable YAML policies managed like source codeScalable PDPStateless policy decision point with sub-millisecond latencyCentralized managementManage, test, and deploy policies from a single control plane

How to deploy Cerbos on Google Cloud Run

  1. Deploy the container, Run gcloud run deploy cerbos --image ghcr.io/cerbos/cerbos:latest --port 3592 to deploy the Cerbos PDP to Cloud Run.
  2. Configure policy loading, Set environment variables or use a mounted config to point Cerbos at a Git repository or Cerbos Hub for policies.
  3. Set scaling parameters, Configure minimum and maximum instance counts based on your latency and cost requirements.
  4. Connect your application, Use a Cerbos SDK to send authorization checks to the Cloud Run service URL.

FAQ

How do I deploy Cerbos on Cloud Run?

Deploy the official Cerbos container image to Cloud Run using `gcloud run deploy`. Configure environment variables or mount a config file to set the policy source, and expose the HTTP port.

Does Cerbos require any external dependencies?

No. Cerbos is self-contained with no database or message queue required. Policies load from a Git repository or Cerbos Hub, both compatible with Cloud Run deployments.

Can Cloud Run scale Cerbos to zero?

Yes. Cerbos starts quickly and Cloud Run can scale instances to zero when idle. Set a minimum instance count to avoid cold starts if low latency is required.

Learn more about Cerbos

How Cerbos worksCerbos PDPCerbos HubWebinars and ebooksFeatures & use casesSuccess stories

Related integrations

View all integrations →
Amazon EC2
Amazon EC2Standalone binary or container PDP on EC2 with full instance control
Deployment
Amazon ECS
Amazon Elastic Container ServiceStateless PDP container running as an ECS task or Fargate sidecar
Deployment
Amazon EKS
Amazon Elastic Kubernetes ServiceHelm-managed Cerbos on EKS with IRSA and Fargate support
Deployment
Amazon Elastic Beanstalk
Amazon Elastic BeanstalkMulti-container Cerbos sidecar that auto-scales with Beanstalk instances
Deployment
Amazon Lambda
AWS LambdaEmbedded in-process PDP for serverless authorization with no network hop
Deployment
AKS
Azure Kubernetes ServiceCerbos on AKS with workload identity and Helm-based lifecycle management
Deployment

Cerbos + Google Cloud Run

  • Cerbos runs alongside your workloads in Google Cloud Run
  • No external databases or message queues required
  • Built-in metrics, distributed tracing, and structured logging
  • Stateless PDP instances scale horizontally
Book a free policy workshopTry the Playground