Reputation: 449
Granting access to a Google Cloud Storage bucket to a third-party
I need a third-party to upload some files to a Google Cloud Storage bucket. What is the best (or easiest) way to give them access?
Upvotes: 17
Views: 8559
Answers (2)
Reputation: 81336
The first two methods require that the user have a valid Google Account. I am ignoring Google Identity Platform in this answer. If the user has a Gmail Account, then this means they also have a Google Account. The third method uses a Google Service Account.
Method 1: Use the Google Cloud Storage Console:
Go to
Storage->Browser.Check the desired bucket. In the right side panel under
permissions, click theAddbutton.Add the user's Google Account email address. Select
Storage Object Creator.
The role granted is roles/storage.objectCreator. This role grants the user permissions to create objects in the bucket but the user cannot delete or overwrite objects.
Method 2: Use the gsutl CLI:
gsutil iam ch user:[email protected]:ObjectCreator gs://examplebucket
Command to read the current bucket IAM policy:
gsutil iam get gs://examplebucket
Method 3: Use a Google Service Account
Create a Google Service Account in the Google Cloud Console
- Go to
IAM & admin->Service accounts - Click
CREATE SERVICE ACCOUNT - Enter a
Service account nameandService account description - Click
CREATE - In the next screen
Service account permissions, select a role. - Select
Storage->Storage Object Creator - Click
CONTINUE - Click
Create key - Check the
JSONradio button for theKey type - Save the json file to your local computer.
You now have Google Service Account credentials that can be setup with gsutil, gcloud and software programs.
Setting up gcloud with Service Account Credentials
Upvotes: 24
Reputation: 1516
The way you grant access to your third-party Customers to upload files to a Google Cloud Storage bucket would differ from one programming language to another. In PHP, you would write something like:
$options = ['gs_bucket_name' => $my_bucket]; $upload_url = CloudStorageTools::createUploadUrl('/upload/handler', $options);
and get an upload URL as a result. You may find more detail on this solution in the "Allowing Users to Upload Files" online document.
Upvotes: 0
Related Questions
- How does one grant authenticated website users (App Engine standard) access to Google Cloud Storage bucket?
- How can I give my Google Cloud App Engine access to my Firebase Storage bucket
- How to grant Google compute engine instance access to a cloud storage bucket?
- Accessing Cloud Storage Objects via App Engine without making bucket publicly readable
- Google Cloud storage: Grant permission to OAuth 2.0 client
- How to grant a user account access for GCE Cloud Storage
- Google Cloud Storage: How can I grant an installed application access to only one bucket?
- Google Cloud Storage Client Library - set acl to both "public-read" and "bucket-owner-full-control"
- Google Cloud Storage - Bucket permission within application
- Unable to give Google App Engine Service Account access to Google Cloud Storage