themihai

Reputation: 8611

How can I set Google Cloud Storage ACL to give READ permission only to GAE apps?

The bucket is project-private. So far I managed to update the ACL of the bucket through the gsutil CLI. The issue is that only the owner (the app that writes/uploads the files) has access. The other apps specified in the bucket ACL get a permission error when I try to read or list the bucket content. Am I missing something?

    <Entry>
        <Scope type="UserByEmail">
            <EmailAddress>
                [email protected]
            </EmailAddress>
        </Scope>
        <Permission>
            READ
        </Permission>
    </Entry>
    <Entry>
        <Scope type="UserByEmail">
            <EmailAddress>
                [email protected]
            </EmailAddress>
        </Scope>
        <Permission>
            READ
        </Permission>
    </Entry>

Upvotes: 1

Views: 789

Answers (1)

Marc Cohen

Reputation: 3808

Try adding your app's service account to your project team, as illustrated in this tutorial: https://developers.google.com/appengine/articles/prediction_service_accounts. That tutorial focuses on using App Engine with the Google Prediction API; however, the concept of enabling access to your app's service account should apply equally well when providing access to Google Cloud Storage resources to App Engine apps.

Upvotes: 1
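
An added example, not part of the question or the answer: a Python check that parses a bucket ACL in the XML format shown in the question and compares it with the intended policy (owner plus READ-only reader apps). The app IDs, the `<app-id>@appspot.gserviceaccount.com` service-account addresses and the sample ACL are constructed placeholders, and treating e-mail addresses as case-insensitive is an assumption of the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the XML ACL format from the question.
# All app IDs below are placeholders, not values from the page.
SAMPLE_ACL = """<AccessControlList><Entries>
  <Entry>
    <Scope type="UserByEmail">
      <EmailAddress>writer-app@appspot.gserviceaccount.com</EmailAddress>
    </Scope>
    <Permission>FULL_CONTROL</Permission>
  </Entry>
  <Entry>
    <Scope type="UserByEmail">
      <EmailAddress>
        Reader-One@appspot.gserviceaccount.com
      </EmailAddress>
    </Scope>
    <Permission>
      READ
    </Permission>
  </Entry>
  <Entry>
    <Scope type="AllAuthenticatedUsers"/>
    <Permission>READ</Permission>
  </Entry>
</Entries></AccessControlList>"""

def parse_acl(xml_text):
    """Return [(scope_type, identity, permission)] with whitespace stripped."""
    grants = []
    for entry in ET.fromstring(xml_text).iter("Entry"):
        scope = entry.find("Scope")
        if scope is None:
            continue
        # Only e-mail scopes carry an identity we compare; others stay "".
        ident = (scope.findtext("EmailAddress") or "").strip().lower()
        perm = (entry.findtext("Permission") or "").strip().upper()
        grants.append((scope.get("type"), ident, perm))
    return grants

def audit(xml_text, readers, owner):
    """Compare the ACL with the intended policy: owner plus READ-only readers."""
    grants = parse_acl(xml_text)
    by_email = {i: p for t, i, p in grants if t == "UserByEmail"}
    readers = [r.lower() for r in readers]
    allowed = set(readers) | {owner.lower()}
    return {
        "missing": [r for r in readers if r not in by_email],
        "overprivileged": [r for r in readers if by_email.get(r, "READ") != "READ"],
        "unexpected": [(t, i, p) for t, i, p in grants if i not in allowed],
    }
```

Run `audit()` on the ACL document retrieved for the bucket; a reader app listed under `missing` has no entry at all, and anything under `unexpected` is a grant outside the "only GAE apps" policy.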
