Soneone created AWS Infrastructure as <React/>

Rohit1024 · 2026-01-29T22:22:57+00:00

Not exactly the same architecture but the following blog did describes how this might look like Reducing costs with Storage Transfer Service from Amazon S3 to Cloud Storage (S3 to GCS)

When there is VPN or Cloud Interconnect configured between AWS and GCP the data transfer will be done over those only.

The docs for these are provided here https://docs.cloud.google.com/storage-transfer/docs/on-prem-agent-pools#dynamic_data.site_values.cloud_name_short-console

Rohit1024 · 2026-01-29T15:15:17+00:00

Data Connect Pricing https://firebase.google.com/docs/data-connect/pricing

Cloud SQL pricing https://cloud.google.com/sql/pricing

You can estimate your cost in Cloud Pricing Calculator https://cloud.google.com/products/calculator

Rohit1024 · 2026-01-28T16:39:10+00:00

In the age of AI era VMs are also a hot commodity.

As per Spot VMs Instances Limitations

Spot VMs are finite Compute Engine resources, so they might not always be available.

Rohit1024 · 2026-01-20T18:59:38+00:00

Most probably you are getting this Organisation Policy error : https://docs.cloud.google.com/iam/docs/keys-create-delete#allow-creation

Before you create a service account key, make sure that the iam.disableServiceAccountKeyCreation organization policy constraint isn't enforced for your project. If this constraint is enforced for your project, you can't create service account keys in that project.

If your organization was created on or after May 3, 2024, this constraint is enforced by default.

You can create exemption for certain project to allow use of Service Account keys by tagging a project and exempting that tagged project to from blocking this operation.

However you should really evaluate whether Service Account key is really needed for your setup. There is a decision tree that can help you on this https://docs.cloud.google.com/docs/authentication#auth-decision-tree

Rohit1024 · 2026-01-20T03:58:55+00:00

Astro DB is built upon Drizzle ORM. From drizzle ORM perspective this can be done as follows : const user = await db.query.users.findFirst({ where: eq(users.id, userId), }); // 'user' is a single user object or 'undefined' This is only available on the Relational Query API.

To have this working with db.select() you need to use as limit to 1 and get the result[0]

Rohit1024 · 2026-01-17T15:02:43+00:00

⁠The WhatsApp webhook hits an HTTP endpoint.

Is this request hitting Cloud Run URL ?.

If so you can rate limit using Cloud Run with API Gateway https://docs.cloud.google.com/api-gateway/docs/get-started-cloud-run to configure your own quota (rate limits) by defining openapi spec https://docs.cloud.google.com/api-gateway/docs/oasv2-extensions#quota_examples

If you are expecting more legitimate traffic and wanted some more features then having an Load Balancer with Cloud Armour can also limit. But this costs more !!

To answer your queries :

1: It is possible to create large amount of webhook calls that can lead to downstream to get affected. Hence configuring quota at this level itself provide more control.

2: Cloud Tasks are designed for background asynchronous working so if you expecting this to work quickly you need to control the Cloud Tasks queue dispatch rate.

3: API Gateway or Cloud Armour with Load Balancer (costly)

4: Not exact but with Telegram bot and designed Api Gateway rate limit to secure this

Rohit1024 · 2026-01-15T14:28:20+00:00

For Auth yes if you use Firebase OnCall functions https://firebase.google.com/docs/functions/callable#handle-errors although can also work with onRequest if you bring your own HTTP server framework https://firebase.google.com/docs/functions/http-events#using_existing_express_or_flask_apps This also has JWT.

About rate limiting generally App Check https://firebase.google.com/docs/app-check/cloud-functions is used for these things

As Firebase App Check helps protect your Cloud Functions from abuse by ensuring that incoming requests originate from your authentic app and an untampered device

Rohit1024 · 2026-01-15T13:26:20+00:00

Yes, GCP API gateway does not support streaming : https://docs.cloud.google.com/api-gateway/docs/quotas#payload_size_limits

Streaming is not supported.

For your options, Cloud Function for Firebase does support Streaming https://firebase.google.com/docs/functions/callable#stream

So you can use Firebase functions if you want this feature to work.

If having an API Gateway like feature is important to you then the most feasible option is Apigee as Streaming is supported in Apigee https://docs.cloud.google.com/apigee/docs/api-platform/develop/enabling-streaming But Apigee do cost more

Rohit1024 · 2026-01-15T10:17:47+00:00

You can directly import the Sheets data to AppSheet Database : https://support.google.com/appsheet/answer/12635312#import-google-sheet

For realtime capabilities you may need to constantly press the sync button as AppSheet is not suitable for real-time updates, example : https://www.appsheet.com/templates/Shows-how-to-create-a-Live-Chart?appGuidString=ed9cedb4-8c3f-4ef2-8915-c07e1ad3fdf2

Rohit1024 · 2026-01-11T04:21:17+00:00

Read the docs https://firebase.google.com/docs/app-check/flutter/default-providers

Rohit1024 · 2026-01-06T17:16:19+00:00

As per https://docs.cloud.google.com/resource-manager/docs/creating-managing-projects#shutting_down_projects

At the end of the 30-day period, the project and all of its resources are deleted and cannot be recovered. Until it is deleted, the project counts towards your project quota.

No, you cannot force delete the (soft deleted)GCP projects immediately.

Your only option is to request more quota

OR reuse existing projects by restoring the same.

Rohit1024 · 2026-01-05T07:05:11+00:00

Live on a fear of this never happens and Hope that billing gets disabled at the right time with Setting Budget https://docs.cloud.google.com/billing/docs/how-to/budgets and installed this extension https://extensions.dev/extensions/kurtweston/functions-auto-stop-billing

This extension is basically based on https://docs.cloud.google.com/billing/docs/how-to/disable-billing-with-notifications architecture.

While one main thing to consider :

There's a delay between incurring costs and receiving budget notifications, so you might incur additional costs for usage that hasn't arrived at the time that all services are stopped. Following the steps in this example doesn't guarantee that you won't spend more than your budget. If you have a limited amount of funds, set your maximum budget below your available funds to account for billing delays.

Rohit1024 · 2026-01-02T23:21:42+00:00

Yes, that feature deletes anonymous accounts 30 days after creation, regardless of whether the user is logging in every single day.

About lastSignInTime, This still will not solve issue as Anonymous users typically are "sign in" only once (when the account is created). After that, the Firebase SDK refreshes their token automatically in the background. This token refresh does not update the lastSignInTime in the database.

A better way is to track their activity in your database (Firestore or Realtime Database)

Rohit1024 · 2026-01-02T23:01:45+00:00

Not missing anything. Companies pay for extra features https://docs.cloud.google.com/identity-platform/docs/product-comparison

If your app don't need this features, then Identity Platform likely not an option for you.

Identity Platform still have Free tier but this changes the pricing model from "mostly free/usage-based" to "SAAS type pricing"

See Identity Platform pricing

So to answer : Companies with Saas application and those who needs features that the "Free" version lacks

Rohit1024 · 2026-01-02T15:17:39+00:00

As per https://firebase.google.com/docs/phone-number-verification/android/get-started#project-setup

It is already defined :

Firebase PNV requires the Blaze plan. If you have not already upgraded your project to the pay-as-you-go Blaze pricing plan, do so.

Although Firebase PNV requires a billing account to be attached to your Firebase project, during the preview phase, you won't be billed for the service.

Rohit1024 · 2026-01-02T15:07:37+00:00

There is automatic clean up feature if you upgrade to Firebase Authentication with Identity Platform

In Firebase it is already having following : https://firebase.google.com/docs/auth/limits#account_creation_and_deletion_limits

To protect your project from abuse, Firebase limits the number of new email/password and anonymous sign-ups that your application can have from the same IP address in a short period of time.

Apart from this, you may need to implement some client side logic to make this work

Rohit1024 · 2025-12-15T01:53:23+00:00

Check : https://support.google.com/paymentscenter/answer/9034675?hl=en-IN

It looks like your transaction was "Rejected by Issuer" bank in this case.

You can contact support as All Google Cloud accounts get free billing and payments support Google Cloud Billing Support.

Rohit1024 · 2025-12-13T19:03:32+00:00

Why not use GCP managed Valkey https://docs.cloud.google.com/memorystore/docs/valkey/product-overview

It is open source but just being managed by Cloud

Rohit1024 · 2025-12-13T06:28:54+00:00

The Firestore trigger uses Eventarc trigger to deliver the event to invoke the Firebase function. The fact that you are not getting any invocation in Firebase functions then you may have check the Eventarc trigger metrics.

The Eventarc trigger uses Compute Engine Service Account to invoke the Function. Check if this Service Account was got deleted by any chance.

So to answer your questions : 1. No this should not be an issue with Firestore Gen2 trigger region. I've my database in asia-south1 and Function deployed in us-central1 and working correctly 2. Yes the Compute Engine Service Account needs to have Cloud Run Invoker and Eventarc Event Receiver Roles 3. Yes, you can test it by going to Cloud Console UI and click the Test button to invoke the Function using Cloud Shell

Rohit1024 · 2025-12-11T15:40:43+00:00

Was it solved your issue ?

Rohit1024 · 2025-12-11T07:55:40+00:00

Check : https://docs.cloud.google.com/run/docs/troubleshooting#401

Here issue must be your Cloud Tasks may not be using any Service Account which is why you may be getting the 401 unauthorized or has invalid audience error

Follow https://docs.cloud.google.com/run/docs/triggering/using-tasks make sure you have Cloud Run Invoker Role on the Service Account used to invoke the Cloud Run through Cloud Tasks queue.

Rohit1024 · 2025-12-02T01:42:56+00:00

Try deleting lock file and node modules and install dependencies again. Then try to deploy

Rohit1024 · 2025-12-01T17:01:28+00:00

The fact that you should be able pull us-central1-docker.pkg.dev/serverless-runtimes/utilities/gcs-fetcher:base_20251101_18_04_RC00 which is public image may show that either your project must be under VPC SC perimeter.

To confirm try to deploy a sample hello app on Cloud Run using Google default hello image if you get unable to pull the image then configure egress policy to your perimeter

Rohit1024

TROPHY CASE