Reputation: 51
Access Denied to Bucket while creating a GCP Load Balancer
I am getting the following error while creating and configuring a Load Balancer in GCP. The issue seems to be related to the creation of the Backend bucket due that i am receiving the following error:
Access denied to the Cloud Storage bucket '[NAME of THE Bucket].
The bucket has allUser access permission for public access and is configured as a web site.
Can anyone help me?
Upvotes: 3
Views: 3503
Answers (3)
Reputation: 1446
To anybody else experiencing this, it may also be the case that your account is missing the necessary permissions.
Ensure that in your Projec IAM, your account has the following permissions:
- Compute Network Admin
- Storage Object Admin
Both of those permissions must be enabled. This is true regardless of the other roles you have been assigned. In other words, it is not enough to be the project Owner. These two permissions must be added separately.
Upvotes: 0
Reputation: 51
The problem was that i was trying to configure a HTTPS Load Balancer meanwhile i had already configured a HTTP Load balancer with a redirection rule to HTTPS.
I solved the issue deleting the rule from the HTTP Load Balancer before creating the HTTPS Load Balancer. After creating succesfully the Load balancer i configured again the HTTP load balancer to redirect the traffic to HTTPS.
Both load balancer where using the same IP to redirect the traffic but for different protocols (HTTP and HTTPS)
- Load balancer 1 : HTTP://IP:80 -> HTTPS://IP:443
- Load balancer 2 : HTTPS://IP:443 -> Backend Bucket
Upvotes: 2
Reputation: 1102
First of all, please confirm that the current setting is the required one and that it was correctly set up by checking that the credentials are correct: i.e., if you are using gsutil, check that the credentials stored in your .boto file are accurate. Also, confirm that gsutil is using the .boto file you expect by using the command gsutil version -l and checking the config path(s) entry.
If the credentials are correct, then verify if your requests are being routed through a proxy, using HTTP (instead of HTTPS). If so, check whether your proxy is configured to remove the Authorization header from such requests. If so, make sure you are using HTTPS instead of HTTP for your requests.
Finally, go to the console and click on "Set bucket permissions" in the bucket's menu. Enter "allUsers" in Add Members, and assign Role -> Storage -> Storage Object Viewer.
Or, if you prefer to use gsutil, running gsutil -m acl set -R -a public-read gs://bucket should set access on all files in that bucket to the public. To set default permissions on the bucket in order to make those files public by default when they're added, use gsutil defacl set public-read gs://bucket.
You can use the following GCP’s Official Documentation and the following thread as a reference.
Upvotes: 2
Related Questions
- How do I allow my GCP Load Balancer to access a Bucket in another project?
- Signed url for gcp bucket object fails with access denied
- Facing issues to create bucket
- Create bucket for public access with service account
- 403 forbidden when trying to create a bucket using Deployment Manager
- Unable to create bucket in google cloud
- GCP cloud storage: 403-Forbidden while executing `Storage.BucketAccessControls.List` request
- GCP Deployment Manager: 403 does not have storage.buckets.get access
- Can't create bucket
- Bucket URL access denied