Enable “Interoperable” access for GCS with Terraform?

Question

Is it possible to enable s3 compatible access to GCS using Terraform and generate / retrieve keypairs?

The help states:

The Interoperability API lets you use HMAC authentication and lets Cloud Storage interoperate with tools written for other cloud storage systems. Turn on this API only if you require interoperable access for the current user. This API is enabled per project member, not per project. Each member can set a default project and maintain their own access keys.

Which leads me to believe this would be an attribute of the user, and not of the storage subsystem. I haven't been able to find anything in TF, gcloud or API documentation.

Thanks in advance

curious if you ever solved this? I'm in the same boat right now and haven't found anything in docs either. — Roly
Did you consider using Google Cloud Storage Transfer Service? — Pawel Czuczwara
In the step by step documentation Migrating from Amazon S3 to Cloud Storage, there is a section how to manage developer keys — Pawel Czuczwara

thusoy thusoy · Accepted Answer · 2020-08-20T16:10:27

Yes, create a service account that should use the interoperability APIs and then create a google_storage_hmac_key:

resource "google_service_account" "test" {
  account_id = "interop-test"
}

resource "google_storage_hmac_key" "test" {
  service_account_email = google_service_account.test.email
}

output "access_key" {
  value = google_storage_hmac_key.test.access_id
}

output "secret_key" {
  value     = google_storage_hmac_key.test.secret
  sensitive = true
}

Enable “Interoperable” access for GCS with Terraform?

1 Answers