Reputation: 11
TPU-VM gives access denied when accessing Bucket
I have a number of Google cloud TPU-VMs which need to write to a Bucket.
Most of them work fine, but the one I created this morning is giving me Access Denied when I run gsutil -m cp test_file.txt gs://MY_BUCKET_NAME:
"error": {
"code": 403,
"message": "Access denied.",
"errors": [
{
"message": "Access denied.",
"domain": "global",
"reason": "forbidden"
}
]
The VM is identical to all the others as far as I can see (same project, same versions, same region, same service account, gcloud config list and gcloud auth list give identical results) - any ideas why it's behaving differently?
This still happens even when I give allUsers public permissions to write to the bucket.
Upvotes: 1
Views: 254
Answers (1)
Reputation: 31
Have you checked the scope of the machine (link)? It sounds like your machine has read-only scope instead of read_write.
How to verify:
- Go to the console, and select your TPU
- In the
DETAILStab, clickEquivalent REST - Check the
scopeunderserviceAccount, and make sure you havehttps://www.googleapis.com/auth/devstorage.read_write
It likely happens when you create a TPU via GCP console as the default scope is read-only. But creating the machine with gCloud CLI won't cause this problem.
Upvotes: 2
Related Questions
- Access Denied to Bucket while creating a GCP Load Balancer
- GCP: how to access cloud storage bucket from a VM instance
- Trying to access GCS bucket but getting a `403 - Forbidden` error message
- Signed url for gcp bucket object fails with access denied
- How to connect to private storage bucket using the Google Colab TPU
- Bucket query permission denied in GCP despite service-account having the Owner role
- GCP cloud storage: 403-Forbidden while executing `Storage.BucketAccessControls.List` request
- GCP: Unable to connect to cloud TPU
- Can't access TPU from VM in GCP
- Bucket URL access denied