- A Cloud Guru
Creating and Managing GCP Storage Bucket Roles and ACLs
Google Cloud Storage makes it possible to control who has access to the files stored in its buckets in a number of ways. Generally, you can choose uniform permissions applied at the bucket level, which is the default option, or you can opt for fine-grained permission control, which lets you specify permissions and accessibility for each object in the bucket individually. In this Hands-On Lab, I'll show you how to set up buckets, populate them with files from a repository, and then set the permissions as desired.
Table of Contents
Create Cloud Storage buckets.
- Activate the Cloud Shell.
- Create the first bucket for uniform access, with a unique name: gsutil mb gs://[BUCKET_NAME]/
- Create a second bucket for fine-grained access, with a unique name: gsutil mb gs://[BUCKET_NAME]/
Retrieve the working files.
- Clone an existing repo: git clone https://github.com/linuxacademy/content-gc-iam-deepdive
- Change directories with the following command: cd content-gc-iam-deepdive/
- Copy the appropriate files from your Cloud Shell to your buckets with the following commands:
  gsutil -m cp -r fine-grained-access/* gs://[BUCKET_NAME]/
  gsutil -m cp -r uniform-access/* gs://[BUCKET_NAME]/
- Confirm the copy by returning to the Cloud Storage Browser and refreshing the buckets.
Set the fine-grained permissions.
- From the Cloud Storage Browser page, open the fine-grained-access bucket.
- To the right of one of the images, select the Action (3-dot) menu, and choose Edit Permissions.
- When the Edit Permissions dialog appears, click + Add Item.
- In the Entity column, select Public.
- In the Name column, enter allUsers.
- In the Access column, choose Reader.
- Click Save.
Set the uniform permissions.
- Return to the Cloud Storage Browser page.
- To the right of the uniform-access bucket, select the Action (3-dot) menu and choose Edit Bucket Permissions.
- In the Permissions tab, select Edit.
- When the Edit Access Control dialog opens, choose the Uniform option.
- Check the Add project ACLs to the bucket IAM policy checkbox.
- Click Save.
- Click Add Member.
- In the New Members field, enter allUsers.
- In the Role field, choose Storage then Storage Object Viewer.
- Click Save.
- Open the bucket.
- From any image, select the link in the Public Access column.
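The steps above grant read access to allUsers in two different places: an object ACL in the fine-grained bucket and an IAM binding on the uniform bucket. The following added example (not part of the original lab) is a Python check that finds both kinds of public grant in the JSON printed by `gsutil iam get` and `gsutil acl get`; the sample policy and ACL are constructed, and the project name and number in them are placeholders.

```python
import json

# Principals that expose data to anyone on the internet or to any Google account.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample: shape of `gsutil iam get gs://[BUCKET_NAME]` for the uniform bucket.
UNIFORM_POLICY = """{
  "bindings": [
    {"role": "roles/storage.legacyBucketOwner",
     "members": ["projectOwner:example-project"]},
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]}
  ],
  "etag": "CAI="
}"""

# Constructed sample: shape of `gsutil acl get gs://[BUCKET_NAME]/[OBJECT]`
# for an object in the fine-grained bucket.
OBJECT_ACL = """[
  {"entity": "project-owners-000000000000", "role": "OWNER",
   "projectTeam": {"projectNumber": "000000000000", "team": "owners"}},
  {"entity": "allUsers", "role": "READER"}
]"""


def public_iam_bindings(policy_json):
    """Return sorted (role, member) pairs in a bucket IAM policy that are public."""
    policy = json.loads(policy_json)
    return sorted(
        (binding["role"], member)
        for binding in policy.get("bindings", [])
        for member in binding.get("members", [])
        if member in PUBLIC_PRINCIPALS
    )


def public_acl_entries(acl_json):
    """Return sorted (role, entity) pairs in an object or bucket ACL that are public."""
    return sorted(
        (entry.get("role"), entry["entity"])
        for entry in json.loads(acl_json)
        if entry.get("entity") in PUBLIC_PRINCIPALS
    )


if __name__ == "__main__":
    for role, member in public_iam_bindings(UNIFORM_POLICY):
        print(f"bucket IAM: {member} holds {role}")
    for role, entity in public_acl_entries(OBJECT_ACL):
        print(f"object ACL: {entity} has {role}")
```

With uniform access, one IAM read per bucket covers every object; with fine-grained access, each object's ACL has to be read as well, because a public grant can sit on a single object.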