CODEWITHSUNDEEP
google-cloud-platformgoogle-cloud-storagegoogle-oauth
Nikratio
Nikratio

Reputation: 2449

Google Cloud Storage - How to limit access to specific bucket

I'd like to give an application access to one of my Google Storage buckets by giving it a suitable OAuth2 token.

If I understand https://cloud.google.com/storage/docs/authentication correctly, then there is no way to limit a token to a specific bucket.

What is the easiest / recommended way to create a token with limited access? I guess I could create an entirely new Google account just for this purpose, adjust the ACLs of the bucket to give access to the new user as well, and then create an OAuth token using that user. But that seems... awkward and not very scalable.

(In case it matters: the application is using the OAuth2 device flow, i.e. it gives me a Google URL that I have to visit and use to log in)

Upvotes: 1

Views: 3906

Answers (2)

John Hanley
John Hanley

Reputation: 81356

Use Bucket ACLs and grant the user's email address to the bucket. The user's email address must be part of Google Accounts or G Suite that the user logs in with (to Google Accounts).

The following gsutil example will grant [email protected] the permission write on Bucket example-bucket:

gsutil acl ch -u [email protected]:WRITE gs://example-bucket

Documentation:

GSUTIL - ACLs

Upvotes: 1

Mohit Gupta
Mohit Gupta

Reputation: 649

You can create a service account, with access limited to the required bucket. https://cloud.google.com/iam/docs/understanding-service-accounts

Upvotes: 1

Related Questions