I would like to know the exact permissions needed by a service account to be able to generate signed URLs (GET and PUT) on any object in a specific bucket B1. A Terraform script is welcome. Currently I just use the default App Engine service account, which has a lot of extra permissions.
To generate a GET signed URL, your service account needs to have the storage.objects.get permission.
To generate a PUT signed URL, your service account needs to have the storage.objects.create permission.
So ideally I would create a new role, generate_signed_url, and grant these 2 permissions on that role. Then assign that role to the service account that's being used to generate a signed URL.
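The custom role and bucket-scoped binding described in the answer above, written out as a Terraform configuration (an added example, not from the original poster or answerer). The project id, bucket name and service account id are placeholders; the binding is made on bucket B1 only rather than project-wide.

```hcl
# Added example: minimal IAM setup for a signed-URL-generating service account.
# Placeholders: var.project_id, var.bucket_name (defaults to "B1"), account_id.
terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
    }
  }
}

variable "project_id" {
  type = string
}

variable "bucket_name" {
  type    = string
  default = "B1"
}

provider "google" {
  project = var.project_id
}

# Custom role carrying only the two permissions the answer names.
resource "google_project_iam_custom_role" "generate_signed_url" {
  project     = var.project_id
  role_id     = "generate_signed_url"
  title       = "Generate signed URLs"
  description = "storage.objects.get for GET URLs, storage.objects.create for PUT URLs"
  permissions = [
    "storage.objects.get",
    "storage.objects.create",
  ]
}

# Dedicated service account, instead of the over-privileged App Engine default.
resource "google_service_account" "signer" {
  account_id   = "signed-url-generator" # placeholder name
  display_name = "Signed URL generator"
}

# Grant the custom role on bucket B1 only (bucket-level binding, not project-level).
resource "google_storage_bucket_iam_member" "signer_on_b1" {
  bucket = var.bucket_name
  role   = google_project_iam_custom_role.generate_signed_url.id
  member = "serviceAccount:${google_service_account.signer.email}"
}
```

Overwriting an existing object through a PUT URL additionally needs storage.objects.delete, and signing through the IAM signBlob API rather than a downloaded key requires roles/iam.serviceAccountTokenCreator on the signing account.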