How to grant a user account access for GCE Cloud Storage

Question

I have a Compute VM that has storage permission of read-write. When I try to run the following command:

gsutil rsync -R local-dir gs://folder1/prod/www.domain.tld

I get insufficient permission error:

Building synchronization state...
Skipping cloud sub-directory placeholder object (gs://folder1/prod/www.domain.tld/) because such objects aren't needed in (and would interfere with) directories in the local file system
Starting synchronization
Copying file://local-dir/.gitignore [Content-Type=application/octet-stream]...
Uploading   gs://folder1/prod/www.domain.tld/.gitignore:    174 B/174 B
AccessDeniedException: 403 Insufficient Permission

I am not sure what account needs to have specific permissions or how I would even assign the permissions. Can someone provide some direction as to what I need to look into? The only permissions I can think of is a service account but I am not sure how to create one or if that is what I even need to do. Also, once I grant an account access/permission, how would I use the account to authenticate?

Answer 1

Use gcloud auth list command to lookup the active account. The service account of Comoute Engine is similar to the following: 123845678986-compute@developer.gserviceaccount.com (active)

By default, this service account is a member of your project with Edit permission. Check ACLs of your GCS bucket and its folders and make sure the GCE service account or the group which it is belong to, has ownership or editing rights to them.