9
votes

I need a third-party to upload some files to a Google Cloud Storage bucket. What is the best (or easiest) way to give them access?

2

2 Answers

16
votes

The first two methods require that the user have a valid Google Account. I am ignoring Google Identity Platform in this answer. If the user has a Gmail Account, then this means they also have a Google Account. The third method uses a Google Service Account.

Method 1: Use the Google Cloud Storage Console:

  • Go to Storage -> Browser.

  • Check the desired bucket. In the right side panel under permissions, click the Add button.

  • Add the user's Google Account email address. Select Storage Object Creator.

The role granted is roles/storage.objectCreator. This role grants the user permissions to create objects in the bucket but the user cannot delete or overwrite objects.

Link to Cloud Storage Roles

Method 2: Use the gsutil CLI:

gsutil iam ch user:[email protected]:objectCreator gs://examplebucket

Link to gcloud IAM

Command to read the current bucket IAM policy:

gsutil iam get gs://examplebucket

Method 3: Use a Google Service Account

Create a Google Service Account in the Google Cloud Console

  1. Go to IAM & admin -> Service accounts
  2. Click CREATE SERVICE ACCOUNT
  3. Enter a Service account name and Service account description
  4. Click CREATE
  5. In the next screen Service account permissions, select a role.
  6. Select Storage -> Storage Object Creator
  7. Click CONTINUE
  8. Click Create key
  9. Check the JSON radio button for the Key type
  10. Save the JSON file to your local computer.

You now have Google Service Account credentials that can be set up with gsutil, gcloud and software programs.

Setting up gcloud with Service Account Credentials
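
As an added example (not part of the answer above), one way to check the result of `gsutil iam get gs://examplebucket` after granting access: the Python below audits the policy JSON and reports whether the third party holds only roles/storage.objectCreator on the bucket. The member `user:partner@example.com`, the function name `audit_upload_grant` and the sample policy are constructed for illustration.

```python
import json

# Constructed sample of `gsutil iam get gs://examplebucket` output (not real data).
SAMPLE_POLICY = """
{
  "bindings": [
    {"members": ["projectOwner:example-project"],
     "role": "roles/storage.legacyBucketOwner"},
    {"members": ["user:partner@example.com"],
     "role": "roles/storage.objectCreator"},
    {"members": ["user:partner@example.com", "allUsers"],
     "role": "roles/storage.objectViewer"}
  ],
  "etag": "CAE="
}
"""

UPLOAD_ONLY_ROLE = "roles/storage.objectCreator"
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def audit_upload_grant(policy_json, member):
    """Return a list of findings for `member` in a bucket IAM policy.

    An empty list means the member holds exactly the upload-only role and
    the bucket has no public bindings.
    """
    policy = json.loads(policy_json)
    findings = []
    member_roles = set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        members = set(binding.get("members", []))
        if member in members:
            member_roles.add(role)
        # Flag any role handed to everyone, whoever the intended uploader is.
        for public in sorted(members & PUBLIC_MEMBERS):
            findings.append(f"public binding: {public} has {role}")
    if UPLOAD_ONLY_ROLE not in member_roles:
        findings.append(f"{member} is missing {UPLOAD_ONLY_ROLE}")
    for role in sorted(member_roles - {UPLOAD_ONLY_ROLE}):
        findings.append(f"{member} has extra role {role}")
    return findings


if __name__ == "__main__":
    for finding in audit_upload_grant(SAMPLE_POLICY, "user:partner@example.com"):
        print(finding)
```

The bucket policy only lists bucket-level bindings; a role granted at the project level, as in the service account creation steps of Method 3, does not appear in it and has to be reviewed in the project's IAM policy.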

0
votes

The way you grant access to your third-party customers to upload files to a Google Cloud Storage bucket would differ from one programming language to another. In PHP, you would write something like:

$options = ['gs_bucket_name' => $my_bucket];
$upload_url = CloudStorageTools::createUploadUrl('/upload/handler', $options);

and get an upload URL as a result. You may find more detail on this solution in the "Allowing Users to Upload Files" online document.