2026-04-27 - Cloud Functions Locked Down to Internal Traffic Only¶
Release¶
AgileData.io - Tighter Infrastructure Security: Backend Functions No Longer Publicly Reachable
Our backend Cloud Functions are now restricted to internal Google Cloud traffic only. They are exclusively triggered by internal Pub/Sub messages. This significantly reduces the attack surface of our processing infrastructure.
Previously, Cloud Functions were reachable via HTTPS endpoints, which required careful authentication controls to prevent abuse. By removing the public endpoint entirely and routing all invocations through Google Cloud Pub/Sub (an internal Google network service), we’ve eliminated that exposure at the infrastructure level rather than relying solely on application-layer checks. Eventarc triggers are also now restricted to internal ingress with enforced HTTPS, closing any remaining external access paths.
This change is entirely behind the scenes — it has no impact on how AgileData behaves from your perspective. Data processing continues to work exactly as before, just through a more secure internal pathway.
What’s New:
Cloud Functions restricted to internal ingress only — no public HTTPS endpoints
All function invocations routed exclusively through internal Pub/Sub messages
Eventarc triggers enforced to use internal ingress with HTTPS
Default URL flag explicitly enabled to maintain correct internal routing
What this means for you:
Stronger infrastructure security with no change to platform behaviour
Reduced attack surface for backend processing workloads
Compliance-friendly architecture that follows the principle of least exposure
Last Refreshed¶
Doc Refreshed: 2026-04-27