
google storage: restrict svc account bucket access

ethrbunny Published in 2018-01-12 17:15:36Z

I'm hoping to use the API to create a svc account that has RO access to a single bucket. I'll be putting log files on a per-account basis into each bucket and want to restrict access between buckets.

Is the Google API / IAM granular enough to do this? It will have to be via REST requests as I'm dealing with some legacy Java that has old Guava dependencies.

Travis Hobrla Reply to 2018-01-12 17:34:39Z

You should be able to do this using the API.

First, create a service account according to Creating and Managing Service Accounts.

Then, grant the service account the storage.objectViewer role (as described in Cloud Storage IAM roles) for that bucket, as described in Granting Roles to Service Accounts.
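
The role grant in the second step, done over REST as a read-modify-write of the bucket's IAM policy. This is an added example, not part of the original answer; Python is used to show the request bodies, and the same GET and PUT can be sent from Java. The bucket name, account e-mail and OAuth token are supplied by the caller, the helper names are hypothetical, and SAMPLE_POLICY is constructed.

```python
import json
import urllib.request

IAM_URL = "https://storage.googleapis.com/storage/v1/b/{bucket}/iam"
VIEWER = "roles/storage.objectViewer"

# Constructed sample of a policy body as returned by GET .../b/<bucket>/iam.
SAMPLE_POLICY = {"etag": "CAE=", "bindings": [
    {"role": "roles/storage.legacyBucketOwner", "members": ["projectOwner:demo-project"]}]}

def grant_viewer(policy, sa_email):
    """Return a copy of policy with sa_email added to the objectViewer binding."""
    member = "serviceAccount:" + sa_email
    bindings = [dict(b, members=list(b.get("members", [])))
                for b in policy.get("bindings", [])]
    for b in bindings:
        if b["role"] == VIEWER and "condition" not in b:
            if member not in b["members"]:
                b["members"].append(member)
            break
    else:  # no unconditional objectViewer binding yet
        bindings.append({"role": VIEWER, "members": [member]})
    # Everything else, including the etag from the GET, is sent back unchanged.
    return dict(policy, bindings=bindings)

def other_roles(policy, sa_email):
    """Roles besides objectViewer that the account already holds on this bucket."""
    member = "serviceAccount:" + sa_email
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []) and b["role"] != VIEWER)

def call(method, bucket, token, body=None):
    """One authenticated request to the bucket's IAM endpoint."""
    req = urllib.request.Request(
        IAM_URL.format(bucket=bucket), method=method,
        data=None if body is None else json.dumps(body).encode(),
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def grant_read_only(bucket, sa_email, token):
    """GET the policy, refuse if the account has broader roles, PUT the update."""
    policy = call("GET", bucket, token)
    extra = other_roles(policy, sa_email)
    if extra:
        raise RuntimeError("account already holds: " + ", ".join(extra))
    return call("PUT", bucket, token, grant_viewer(policy, sa_email))
```

IAM grants are additive, so a storage role given to the same account at the project level still reaches every bucket; keep the account's storage access to this bucket-level binding.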

ILMTitan Reply to 2018-01-12 18:32:08Z

You can find documentation for updating bucket ACLs here.

You can also use the Google Cloud Storage Java client library, specifically the Storage.createAcl(String bucket, Acl acl) method.

The code would look like:

// READER rather than OWNER: the question asks for read-only access to the bucket
storageService.createAcl("BucketName", Acl.of(new Acl.User("serviceAccount@Email"), Acl.Role.READER));