Lab
A Cloud Guru

Creating and Managing GCP Storage Bucket Roles and ACLs

Google Cloud Storage makes it possible to control who has access to the files stored in it's buckets in a number of ways. Generally, you can choose to allow uniform permissions to be applied at the bucket level, the default option. Or, you can opt to use the fine-grained permission control option, which allows you to specify permissions and accessibility for each object in the bucket individually. In this Hands-On Lab, I'll show you how to set up buckets, populate them with files from a repository, and then set the permissions as desired.

Try for free Contact sales

Path Info

Level

Beginner

Duration

45m

Published

Mar 06, 2020

Challenge

Create Cloud Storage buckets.
1. Activate the Cloud Shell.
2. Create the first bucket for uniform access, with a unique name: gsutil mb gs://[BUCKET_NAME]/
3. Create a second bucket for fine-grained access, with a unique name: gsutil mb gs://[BUCKET_NAME]/
Challenge

Retrieve the working files.
1. Clone an existing repo: git clone https://github.com/linuxacademy/content-gc-iam-deepdive
2. Change directories with the following command: cd content-gc-iam-deepdive/
3. Copy the appropriate files from your Cloud Shell to your buckets with the following commands: gsutil -m cp -r fine-grained-access/* gs://[BUCKET_NAME]/ gsutil -m cp -r uniform-access/* gs://[BUCKET_NAME]/
4. Confirm the copy by returning to the Cloud Storage Browser and refreshing the buckets.
Challenge

Set the fine-grained permissions.
1. From the Cloud Storage Browser page, open the fine-grained-access bucket.
2. To the right of one of the images, select the Action (3-dot) menu, and choose Edit Permissions.
3. When the Edit Permissions dialog appears, click + Add Item.
4. In the Entity column, select Public.
5. In the Name column, enter allUsers.
6. In the Access column, choose Reader.
7. Click Save.
Challenge

Set the uniform permissions.
1. Return to the Cloud Storage Browser page.
2. To the right of the uniformed-access, select the Action (3-dot) menu and choose Edit Bucket Permissions.
3. In the Permissions tab, select Edit.
4. When the Edit Access Control dialog opens, choose the Uniform option.
5. Check the Add project ACLs to the bucket IAM policy checkbox.
6. Click Save.
7. Click Add Member.
8. In the New Members field, enter allUsers.
9. In the Role field, choose Storage then Storage Object Viewer.
10. Click Save.
11. Open the bucket.
12. From any image, select the link in the Public Access column.

Author

A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.