IaC Bazaar
Google CloudLive-tested

Cloud Run Job (v2)

A Cloud Run v2 Job for batch and run-to-completion workloads with a dedicated runtime service account, auto-wired Secret Manager accessor grants, VPC egress, bounded retries and per-task timeout.

terraformGoogle Cloud#gcp

Compare Serverless Containers across clouds →

gcp-cloud-run-jobterraform v1.7

Verification

Live-tested

Really deployed, verified, idempotent and destroyed in a cloud sandbox.

Conformance

  • Static validation (fmt · validate · tflint)
  • Security scan (Checkov)
  • Plan tests (mocked: validation rules · outputs)

Provenance

  • SHA-256 checksum
  • Signature (pending)

Functional

  • Live-tested — applied, verified, destroyed

Last verified 2026-06-30 · how we verify

Documentation

gcp-cloud-run-job

Cloud Run v2 Job — run-to-completion container workloads (batch processing, database migrations, scheduled/cron tasks) with the security and reliability wiring hand-rolled configs skip: a dedicated runtime service account (never the project default compute SA), least-privilege Secret Manager accessor grants on exactly the secrets the job references, Direct VPC egress or connector support, a bounded retry count and per-task timeout, and deletion protection on by default. Works with Terraform and OpenTofu (>= 1.6), Google provider >= 7.0, < 8.0.

Creating a job defines it but does not run it — execute it on demand (gcloud run jobs execute <name>) or on a schedule via Cloud Scheduler, Workflows or Eventarc.

What you get per module call:

  • One Cloud Run v2 job with configurable task count and parallelism
  • A dedicated runtime service account (or supply your own)
  • Plain and Secret-Manager-sourced env vars + secret volume mounts, with the accessor grants wired automatically
  • VPC egress (connector or Direct VPC) for reaching private resources
  • Bounded max_retries and task_timeout_seconds instead of unbounded defaults
  • roles/run.invoker grants listing exactly who may execute the job

Requirements

RequirementVersion
Terraform / OpenTofu>= 1.6
hashicorp/google>= 7.0, < 8.0

The Cloud Run Admin API (run.googleapis.com) must be enabled on the project.

Verification

Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.

License

Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).

Usage code & full reference unlock after purchase

The complete copy-paste usage, the full input/output reference, and operational notes ship with your licence — shown here and bundled in the download.

  • Usage
  • Inputs
  • Outputs