Is it possible to do this?
The analogous feature in AWS using IAM does support restricting access to a single bucket, but from looking at https://cloud.google.com/compute/docs/access/service-accounts it doesn't look like it is possible in GCP.
In most cases, IAM is the recommended method for controlling access to your resources. IAM controls permissioning throughout Google Cloud and allows you to grant permissions at the bucket and project levels.
Open the Service Accounts page in the GCP Console and select the required Project. Click on Create Service Account and enter a service account name and select a role with desired permissions for the service account. Note: Make a note of the email ID of the service account. Click Save.
To restrict access for a service account to a specific bucket using IAM permissions you can use gsutil:
```shell
gsutil iam ch serviceAccount:${SERVICE_ACCOUNT}@${PROJECT}.iam.gserviceaccount.com:objectViewer gs://${BUCKET}
```
And repeat for each role you want to grant (e.g. objectAdmin).
The docs are here Using Cloud IAM with buckets. If you need finer control on specific objects, you have to use ACLs.
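Each `gsutil iam ch` call above is a read-modify-write of the bucket's IAM policy, which `gsutil iam get gs://BUCKET` prints as JSON and `gsutil iam set policy.json gs://BUCKET` writes back. The helper below is an added example (not from the answer above or from Google's tooling) that applies the same bucket-scoped restriction to such a policy document offline: it makes a service account hold exactly the intended roles on the bucket and drops any broader binding it had, so you can audit the result before setting it. The bucket, project and member names are constructed placeholders.

```python
import json

# Constructed sample of what `gsutil iam get gs://BUCKET` prints; the service
# account currently holds the broad roles/storage.admin on this bucket.
SA = "serviceAccount:app@my-project.iam.gserviceaccount.com"
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/storage.admin", "members": [SA]},
        {"role": "roles/storage.objectViewer", "members": ["user:alice@example.com"]},
    ],
    "etag": "CAE=",
})


def _full_role(role):
    # gsutil iam ch accepts shorthand such as objectViewer for roles/storage.objectViewer
    return role if role.startswith("roles/") else "roles/storage." + role


def roles_of(policy_json, member):
    """Sorted roles `member` holds in this bucket policy (what to audit after a change)."""
    policy = json.loads(policy_json)
    return sorted(b["role"] for b in policy.get("bindings", []) if member in b["members"])


def restrict_member_roles(policy_json, member, allowed_roles):
    """Return a new policy JSON in which `member` holds exactly `allowed_roles` on the
    bucket: missing roles are added, and any other binding for that member (for example
    a broad roles/storage.admin) is dropped. Other members are untouched and the etag
    is preserved so that `gsutil iam set` refuses to clobber a concurrent edit."""
    policy = json.loads(policy_json)
    wanted = {_full_role(r) for r in allowed_roles}
    bindings = policy.get("bindings", [])
    for b in bindings:
        if member in b["members"] and b["role"] not in wanted:
            b["members"].remove(member)  # revoke roles outside the allow-list
    present = {b["role"] for b in bindings if member in b["members"]}
    for role in wanted - present:
        existing = next((b for b in bindings if b["role"] == role), None)
        if existing is None:
            bindings.append({"role": role, "members": [member]})
        else:
            existing["members"].append(member)
    # a binding with no members is not valid in a policy, so prune those
    policy["bindings"] = [b for b in bindings if b["members"]]
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    new_policy = restrict_member_roles(SAMPLE_POLICY, SA, ["objectViewer", "objectAdmin"])
    print(roles_of(new_policy, SA))  # write new_policy to policy.json for gsutil iam set
```

Note that this only edits the bucket-level policy; a role granted to the same service account at the project level still applies to every bucket in the project and must be reviewed separately.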
The Identity and Access Management (IAM) and service account permissions are the recommended methods for controlling access to your resources for a general scope; however, you should rather use Access Control Lists in case you want to customize the access scope to individual buckets and their objects.
I recommend you take a look at the Creating and Managing Access Control Lists guide, which contains detailed information about the usage of ACLs as well as step-by-step instructions for setting ACL permissions on an existing bucket.