diff --git a/cloud_run/main.tf b/cloud_run/main.tf
index 49aa45f..097352b 100644
--- a/cloud_run/main.tf
+++ b/cloud_run/main.tf
@@ -23,6 +23,21 @@ resource "google_cloud_run_service" "default" {
       containers {
         image = var.container.image
 
+        startup_probe {
+          failure_threshold     = 5
+          initial_delay_seconds = 10
+          timeout_seconds       = 3
+          period_seconds        = 3
+
+          http_get {
+            path = "/"
+            http_headers {
+              name  = "Access-Control-Allow-Origin"
+              value = "*"
+            }
+          }
+        }
+
         dynamic "env" {
           for_each = var.container.env
 
@@ -72,6 +87,20 @@ resource "google_cloud_run_domain_mapping" "default" {
   }
 }
 
+resource "google_compute_region_network_endpoint_group" "default" {
+  count = var.neg == null ? 0 : 1
+
+  name                  = "${google_cloud_run_service.default.name}-neg"
+  network_endpoint_type = "SERVERLESS"
+  project               = var.project_id
+  region                = google_cloud_run_service.default.location
+
+  cloud_run {
+    service = google_cloud_run_service.default.name
+    tag     = var.neg.tag
+  }
+}
+
 resource "google_cloud_run_service_iam_policy" "default" {
   count = length(var.invokers) > 0 ? 1 : 0
 
diff --git a/cloud_run/outputs.tf b/cloud_run/outputs.tf
index a019b98..993fa1c 100644
--- a/cloud_run/outputs.tf
+++ b/cloud_run/outputs.tf
@@ -3,6 +3,11 @@ output "name" {
   value       = google_cloud_run_service.default.name
 }
 
+output "neg" {
+  description = "NEG ID, if available."
+  value = var.neg == null ? null : google_compute_region_network_endpoint_group.default.id
+}
+
 output "public_url" {
   description = "Public IP of the Cloud Run service."
   value       = google_cloud_run_service.default.status[0].url
diff --git a/cloud_run/variables.tf b/cloud_run/variables.tf
index 5b514dc..17390b4 100644
--- a/cloud_run/variables.tf
+++ b/cloud_run/variables.tf
@@ -41,6 +41,15 @@ variable "name" {
   type        = string
 }
 
+variable "neg" {
+  default     = null
+  description = "If specified, creates a Network Endpoint Group (NEG) for the Cloud Run service with the contained attributes."
+  nullable    = true
+  type = object({
+    tag = optional(string)
+  })
+}
+
 variable "project_id" {
   description = "ID of project to create resources in."
   type        = string
diff --git a/cloud_run_neg/main.tf b/cloud_run_neg/main.tf
deleted file mode 100644
index fdaa447..0000000
--- a/cloud_run_neg/main.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-resource "google_compute_region_network_endpoint_group" "default" {
-  name                  = var.name == null ? "${var.cloud_run_name}-neg" : var.name
-  network_endpoint_type = "SERVERLESS"
-  project               = var.project_id
-  region                = var.region
-
-  cloud_run {
-    service = var.cloud_run_name
-    tag     = var.tag
-  }
-}
diff --git a/cloud_run_neg/outputs.tf b/cloud_run_neg/outputs.tf
deleted file mode 100644
index 903d6cb..0000000
--- a/cloud_run_neg/outputs.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-output "group_id" {
-  description = "ID of the created NEG."
-  value       = google_compute_region_network_endpoint_group.default.id
-}
diff --git a/cloud_run_neg/variables.tf b/cloud_run_neg/variables.tf
deleted file mode 100644
index 7dead54..0000000
--- a/cloud_run_neg/variables.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-variable "cloud_run_name" {
-  description = "Name of the Cloud Run service (i.e. google_cloud_run_service.default.name)."
-  type        = string
-}
-
-variable "name" {
-  description = "The name of this module."
-  type        = string
-  default     = null
-}
-
-variable "project_id" {
-  description = "ID of project to create resources in."
-  type        = string
-}
-
-variable "region" {
-  description = "The region where the project resides."
-  type        = string
-}
-
-variable "tag" {
-  default     = null
-  description = "Cloud Run tag to provide additional fine-grained traffic routing information. See google_compute_region_network_endpoint_group#cloud_run#tag (https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_region_network_endpoint_group)."
-  type        = string
-}
diff --git a/cloud_run_neg/versions.tf b/cloud_run_neg/versions.tf
deleted file mode 100644
index 30e2358..0000000
--- a/cloud_run_neg/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
-  required_version = ">= 1.3.0"
-
-  required_providers {
-    google = {
-      source  = "hashicorp/google"
-      version = ">= 4.50.0"
-    }
-  }
-}