I'd like to integrate Filestack with a GCP storage bucket, which requires:
- setting up a service account in my GCP project with a set of required roles
- providing a JSON key for the service account as well as the bucket ID and the project ID to the Filestack storage config
I've been given the list of required roles by Filestack support, which is as follows:
- Owner
- Storage Admin
- Storage Object Admin
- Storage Object Creator
- Storage Object Viewer
The only Owner role I can find, and the one that Filestack is using in their YouTube guide for GCP storage integration, is the project owner role, which seems to give a lot of privileges to the service account outside the scope of managing a storage bucket. I don't have a lot of experience with service accounts, but I'm worried about giving a role with these privileges to a third party when it doesn't seem to require it. Am I right in being skeptical about this, or is there some detail that I'm missing wrt. integrating GCP resources with an external 3rd party?
EDIT: There is a button in the Filestack storage config one can use to test the integration, which only succeeds if the Owner role is assigned to the service account. I have also asked their support about this, but haven't received an answer to this yet.
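
An added example (not part of the original post, and not Filestack's or Google's code): one way to check the concern raised above is to audit the project's IAM policy for service accounts bound to a basic role such as Owner. The policy is a constructed sample in the shape of `gcloud projects get-iam-policy PROJECT_ID --format=json`; the project and account names are hypothetical.

```python
import json

# Basic roles apply to every service in the project, not just Cloud Storage.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample policy; member and project names are hypothetical.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:admin@example.com",
                 "serviceAccount:filestack-sa@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.admin",
     "members": ["serviceAccount:filestack-sa@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:filestack-sa@example-project.iam.gserviceaccount.com",
                 "serviceAccount:reader@example-project.iam.gserviceaccount.com"]}
  ]
}
""")

def roles_by_service_account(policy):
    """Map each service-account member to the set of roles bound to it."""
    held = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member.startswith("serviceAccount:"):
                held.setdefault(member, set()).add(binding["role"])
    return held

def audit(policy):
    """Return one finding per service account that holds a basic role."""
    findings = []
    for member, roles in sorted(roles_by_service_account(policy).items()):
        basic = sorted(roles & BASIC_ROLES)
        if basic:
            findings.append({
                "member": member,
                "basic_roles": basic,
                # Roles the account would still hold once the basic role is removed.
                "remaining_roles": sorted(roles - BASIC_ROLES),
            })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_POLICY):
        print(f"{f['member']}: basic {f['basic_roles']}, would keep {f['remaining_roles']}")
```
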