Recommender is a service thatautomatically provides recommendations and insights for using resources onGoogle Cloud, based on heuristic methods, machine learning, and currentresource usage. Each recommendation includes a link you can click to put therecommendation into effect for your service.

This guide shows how to useRecommenderto optimize Cloud Run services for security and costs.

Optimize cost

Recommender optimizes costs for billing.

Optimize billing

Recommender automatically looks at traffic received by yourCloud Run service over the past month, and will recommend switchingfromrequest-based billing toinstance-based billing, if this is cheaper.For more details, seebilling settings.

Optimize security

Recommender increases security by optimizing:

• Service accounts for a Cloud Run service so the serviceaccount has the minimal set of required permissions.

• Security of the following items in environment variables:

  • Passwords
  • API keys
  • Google Application Credentials

Googledoes not examine the values contained in those environment variables.Rather, we do acase insensitive check on the variablekey names, as shown in the following patterns:

• The environment variable key is a case insensitive variant ofAPI KEY, such asAPI_KEY,api_key,APIKEY, orapikey
• The environment variable ends in a case insensitive variant ofPASSWORD, suchasPASSWORD orpassword
• The environment variable isGOOGLE_APPLICATION_CREDENTIALS

Security issues addressed by Recommender

The following table shows what Recommender detects and helps you address:

Recommendation availability after deployment

Recommender automatically provides recommendations for a service afterit has been deployed, after a period of time has elapsed, typically one day.After this period of time, recommendations for the service are displayed withthe service in theCloud Run service listin the Google Cloud console and in theActive Assist.

Alternate ways of using recommendations

In addition to the use of recommendations covered on this page inside theCloud Run UI, recommendations are also available through the following:

• Recommender API
• BigQuery export
• Recommender Logs

View and accept recommendations for Cloud Run

To view and accept a recommendation in the Cloud Run user interface:

1. Go to Cloud Run

2. Locate services in the list that have something in theRecommendationscolumn.

3. Click theSecurity icon for your service under the column headingRecommendations, to display the recommendation pane for your service.

4. In the pane, read the insight about your service and the recommendation.

5. If you accept the recommendation, click the button at the bottom of the paneto make the changes suggested by the recommendation.

6. Follow the instructions and documentation to change your Cloud Runservice as needed.

View recommendations in Active Assist

To view recommendations in Active Assist:

Go to Active Assist

For more information, see the Active AssistGetting started page.

Dismissing a recommendation

ClickDismiss if you want to dismiss the recommendation without applying it.This prevents the recommendation for that function from appearing again for30 days.

Optimize Cloud Run apps with Gemini assistance

You can get AI-powered help fromGemini Cloud Assist chat toenhance performance and security. With Gemini Cloud Assist, youcan proactively address potential issues and vulnerabilities in your cloudinfrastructure, ensuring a robust and stable environment for your applicationsand services.

To use Gemini Cloud Assist from the Google Cloud console, dothe following:

1. Ensure that Gemini Cloud Assist is set up for your Google Cloud user account and project.

2. Set up your Cloud Run development environmentin your Google Cloud project and ensure you have the appropriatedeployment permissions.

3. Go to the Cloud Run page in the Google Cloud console.

   Go to Cloud Run

4. In the console toolbar, select a Google Cloud project. Use a projectassociated with a project ID you submitted after you were granted access toGemini Cloud Assist.

5. ClicksparkOpen or close Gemini AI chat.

   The Gemini panel opens.

6. If necessary, clickAccept if you agree to the terms.

7. If you have a question about a specific application, provide context bygoing to the page that shows your resource before asking your question. Whengenerating a response, Gemini includes information about thecurrent console page and project.

8. Enter a prompt in theGemini panel.

   The following table provide some example prompts for usingGemini Cloud Assist with Cloud Run.

   Prompt	Type of response
   "How to save cost on my Cloud Run service without sacrificing performance for serviceexample-service?"	Best practices for saving costs on your service without sacrificing performance.
   "How can I make my Cloud Run service more reliable and prevent downtime?"	Suggestions for enhancing reliability and minimizing downtime for your service.
   "How can I better secure my Cloud Run services?"	List of recommendations for increasing the security of your Cloud Run service.
   "For Black Friday/Cyber Monday, I need my workloads to handle high traffic. How should I prepare?"	Suggested comprehensive strategy encompassing capacity planning, reliability testing, and robust operational practices.
   "How can I improve my service's performance for my Cloud Run serviceexample-service?"	Considerations for improving the performance of your app.
   "My Cloud Run service "svc1" has been performing slow this week. Can you see if there's a reason?"	Instructions on how to investigate the issue using the tools available in the Google Cloud console, specifically within the Logs Explorer page of Logging.
   "How can I make my Cloud Run service bill cheaper?"	Provides several cost-optimization strategies.

For more details, see the following resources:

• Learn how towrite better prompts.
• Learn how to use theGemini Cloud Assist panel.
• ReadUse Gemini for AI assistance and development.
• Learnhow Gemini for Google Cloud uses your data.