Access Cloud Run from Compute Engine in internal ingress mode

We are trying to access cloud run service url from compute engine.

Cloud Run services are deployed with ingress mode as internal.

Currently its giving "Access Forbidden" status when accessing the service url.

However when ingress mode is set to all i can access but want to access it only with in google network from my compute engine.

I even added the compute service account of compute engine as member in cloud run permissions.

Any solutions for this?

Update

Project setup I have a shared vpc setup(as of now only us-central1 subnet sharing) where host project's vm try to access the cloud run url. Doing a Curl from host project's vm fails with "Access Forbidden".

However, I tried creating a temp vm in the same project where cloud run service exists. Still I see the same error from this VM too.

As per documentation, setting Internal ingress will allow any in the project to be accessed directly. But this doesn't seem to happen.

I even added roles/run.invoker role for the compute engine's service account as member in Cloud run service.

Cloud Run is using the Serverless vpc connector of the host project.

https://stackoverflow.com/questions/65522752/access-cloud-run-from-compute-engine-in-internal-ingress-mode December 31, 2020 at 11:28PM