Firebase cloud storage error Due to a recent security improvement in Cloud Storage for Firebase, you need to grant an additional IAM role

Question

I am using firebase cloud storage with SwiftUI. An error shows up in the storage section on the firebase console that says Due to a recent security improvement in Cloud Storage for Firebase, you need to grant an additional IAM role to a service account in this project.

I have clicked the attach permissions button on the alert many times and it fails every time. This prevents me from uploading images to storage is there a way to manually add these permissions? If so what role should I gran?

Answer 1

This is caused by Firebase changing their service agent. If you had a project prior to fall 2022 it might be affected. I found the following that covers how to set this up:

Firebase cloud storage error Due to a recent security improvement in Cloud Storage for Firebase, you need to grant an additional IAM role

They have an endpoint you can click to activate it as documented here: https://firebase.google.com/support/faq#storage-accounts

You can use the AddFirebase REST endpoint to reactivate cloud storage for firebase on your bucket: https://firebase.google.com/docs/reference/rest/storage/rest/v1beta/projects.buckets/addFirebase

With Terraform this was my solution to add to my existing project:

resource "google_project_service_identity" "firebase_storage_service_agent" {
  provider = google-beta
  project  = google_project.project.project_id
  email    = "service-${google_project.project.number}@gcp-sa-firebasestorage.iam.gserviceaccount.com"
  service  = "firebasestorage.googleapis.com"
}


resource "google_project_iam_member" "firebase_storage_service_agent_member" {
  project = google_project.project.project_id
  member  = "serviceAccount:${google_project_service_identity.firebase_storage_service_agent.email}"
  role    = "roles/firebasestorage.serviceAgent"
}