Run the Cerbos PDP as a serverless container on Google Cloud Run with automatic scaling and per-request billing.
Deploy the Cerbos container image to Cloud Run with no cluster management or infrastructure provisioning
Cloud Run scales Cerbos instances based on request volume, including scaling to zero when idle
Pay only for the compute time consumed while processing authorization checks
Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.
Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.
Deploying Cerbos via Google Cloud Run gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.
gcloud run deploy cerbos --image ghcr.io/cerbos/cerbos:latest --port 3592 to deploy the Cerbos PDP to Cloud Run.Deploy the official Cerbos container image to Cloud Run using `gcloud run deploy`. Configure environment variables or mount a config file to set the policy source, and expose the HTTP port.
No. Cerbos is self-contained with no database or message queue required. Policies load from a Git repository or Cerbos Hub, both compatible with Cloud Run deployments.
Yes. Cerbos starts quickly and Cloud Run can scale instances to zero when idle. Set a minimum instance count to avoid cold starts if low latency is required.



What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.