Google Cloud Storage - make objects in a bucket publicly viewable

Question

I've got a bucket in Google Cloud Storage, and a website. People can currently upload to the bucket through the website (using Google authentication).

However, I need to set it so that anyone can view the files that are uploaded (and can't modify them).

This can't be something that Google needs to authenticate, as some of our clients' IT departments have blocked Google (for whatever reason) and refuse to budge. It could be something where the request is made from my website, it could allow it (as I'll record the URL on the website's database).

Preferably, if this could be done without using gsutil that would be great.

Answer 1

You can set a default object ACL on the bucket that makes all objects uploaded to that bucket publicly readable. For example you could do it using gsutil:

gsutil defacl ch -u AllUsers:R gs://your-bucket

Note that the above command only affects newly written objects. If you already have objects in your bucket that need to be made public you could accomplish that with gsutil as well:

gsutil acl ch -u AllUsers:R gs://your-bucket/**

Regarding your point about making sure anyone can view the files but not modify them: You can accomplish this by making sure the bucket ACL only allows you (or your service account) to write objects, not all users.