Endpoint for Cloud Function returns 403 Forbidden

google-cloud-platform

Solution 1:

I encountered this recently. It turns out that as of January 15, 2020 new functions require authentication by default.

See the docs here for details.

The solution was to manually add the Cloud Functions Invoker permission to the allUsers user in the Cloud Functions page in the Google Cloud Console.

Solution 2:

There are several reasons for which you are getting this error message “Your client does not have permission to get URL /… from this server” among them are:

Your internet browser history - Try deleting your history/Cache

Insufficient account permissions - Try a different account with elevated privileges

Missing SSL parameters - Try accessing the URL directly using the “curl” command

Check for malware

Solution 3:

While both above answers are correct, typically the thing to note is your functions deployment would have shown an error (related to the IAM policy that is being applied to the deployment), but deployed the function regardless.

In my case I was following the Google Cloud code lab example when I hit the error.

I was using a service account, which had editor access to project, so I assumed I would be able to apply the --allow-unauthenticated policy but it turns out the project editor only gives iam.roles.list and iam.roles.get so the policy never got applied to the function (hence the above error).

To fix I had to:

  • Delete the function (only needed, if you were applying the --allow-unauthenticated policy as it is only applied on the first deployment of the function, and ignored in any subsequent update to functions)
  • Give the service account additional IAM related roles.
  • Deploy the function again

I was able to curl the endpoint successfully.

Solution 4:

Google Cloud Functions recently (not sure how recently) added some new IAM functionality and now new functions don’t have public access by default.

To allow your function to be invoked you first have to add permissions to the function, you can see the step by step at:

https://lukestoolkit.blogspot.com/2020/06/google-cloud-functions-error-forbidden.html

Related

How to intentionally cause ssh root connection refused
Use F2FS on RAID0 within HDD?
Severe write performance problem
Most Appropriate log-structured file system to use with Linux / SSD?
Linux RAID 5 Redundancy
Performance Manager - what counters?
What are good command line utilites in Windows to monitor processes?
Can Hyper-V Server run on Windows XP 32-bit with a 64-bit processor?
Piggyback network router
Managing huge mailboxes
Under Windows, what is a processes "working set"?
What is the best Linux edition for web server? [closed]