1
votes

I want to backup multiple servers using Google Cloud Storage. Each server needs access to the bucket containing his backups. A server should not have access to the bucket of any other server.

I have used Amazon S3 before and simply created one user per server in IAM and assigned a policy to the user that allows accessing a specific bucket.

On Google Cloud Storage it seems like Authentication is based on Google Accounts and OAuth 2.0 so every server uses the same Google Account (mine) and the result is that every server has full access to all buckets.

How to give each server his own access credentials (that has access to his own bucket only) without the need to create a new Google Account for each server?

1
You can create/use service accounts cloud.google.com/storage/docs/authentication#service_accounts) for each bucket and use them to authenticate access to storage bucket from your Google Compute Engine instance. You can limit the access you your bucket by changing the bucket ACLs (cloud.google.com/storage/docs/access-control) to allow the access to service account only.Faizan
Thanks, this seems to be what I am looking for (unbelievable that I missed this). If you add this as answer I could mark this question as solved and give you your reputation :)fnkr
Added my post as an answer. ThanksFaizan

1 Answers

1
votes

You can create/use service accounts for each bucket and use them to authenticate access to storage bucket from your Google Compute Engine instance. You can limit the access you your bucket by changing the bucket ACLs to allow the access to service account only.