Reputation: 325
Cannot give Google CDN service account to Bucket
I am trying to give the Google CDN service account access to my bucket as said here: https://cloud.google.com/cdn/docs/using-signed-urls
gsutil iam ch serviceAccount:service-{PROJECT_NUMBER}@cloud-cdn-fill.iam.gserviceaccount.com:objectViewer gs://{BUCKET}
But the response is:
BadRequestException: 400 Invalid argument
Adding it via the cloud console is also impossible, it says "Email addresses and domains must be associated with an active Google Account or Google Apps account."
Am I missing something or is this a bug?
Upvotes: 0
Views: 1783
Answers (1)
Reputation: 1533
The Cloud CDN cache fill service account is created when you enable signed URLs. The error message suggests there's a problem with the project number or you haven't yet enabled signed URLs for that project. You can enable signed URLs by following the instructions at https://cloud.google.com/cdn/docs/using-signed-urls#creatingkeys. Make sure you enable signed URLs for a backend service or backend bucket in the same project you specify in the gsutil command.
Upvotes: 1
Related Questions
- Google Cloud Storage Bucket can't transfer data in
- Google Could Storage: error when inserting bucket - 'Error 403: The account for the specified project has been disabled'
- GCloud Service Account cant access bucket even though he has role storage-object-admin
- Create bucket for public access with service account
- GCP cloud storage: 403-Forbidden while executing `Storage.BucketAccessControls.List` request
- Google Cloud Storage - Can't add bucket with domain, ownership error
- Unable to create domain-based bucket even after verification
- Unable to create bucket using domain name under google cloud storage - Server Error
- Can't create bucket
- Bucket URL access denied