stackoom
  简体   繁体   中英

How to give service account only access to one bucket (Google Cloud)?

 原文  2021-01-01 12:36:58       google-cloud-platform/ google-cloud-functions/ google-cloud-storage

Question

How to give service account only access to one bucket ? If you just in case wanna give another 3rd party service access to your private bucket?

The problem is by default (service account) has access to all buckets and I've no idea how to restrict it to only one bucket only.

Is it possible to achieve this from dashboard or only console? If it is possible from dashboard then I would like to know the steps of that.

Thank you.

Edit **

I have 3 buckets and when I create a service account with (Object Viewer) permission it automatically gets added to all 3 of them and when I try to delete it from permission of any of bucket I don't want it to have access to, I get this message saying (Member is inherited from another policy and cannot be deleted.)

2 answers

solution1
 3  2021-01-01 14:46:53

If you go to the Google Cloud Storage Console , you'll find a list of buckets for your GCP project. Click on the three vertical dots to the right of the relevant project, and choose "Edit bucket permissions". You can then use "Add member" to give appropriate permissions to the relevant service account.

solution2
 0  2022-05-12 09:52:12

You need to create an IAM entry and restrict access by specifying a condition .

For example, if I want the user user.email@domain.ext to access the bucket b_1 with the permission Storage Object Admin

  1. Browse to your bucket b_1
  2. On the kebab menu (three vertical dots) > edit access
  3. Add principal: user.email@domain.ext
  4. Specify role: Storage Object Admin
  5. Specify condition
    • enter the Title of condition
    • enter a Description
    • In the Condition Builder select Condition type : Resource > Name
    • In Operator select is or Starts With , etc..
    • Enter your bucket name projects/<your_project>/buckets/b_1
  6. You may want to enter an other Conditions type such as Resource > Type and select storage.googleapis.com/Bucket

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Give service account access to one bucket in google cloud storage How to access to a Google Cloud Storage bucket from a Cloud Run service without using a local Service Account key file? How to transfer bucket from one google cloud account to another? Google Cloud Platform (GCP): How to give additional roles to service account? How to grant service account access to a user account on google cloud How to fix Google cloud deployment error: xxxxx.cloudbuild-logs.googleusercontent.com"; builder service account does not have access to the bucket Google Cloud Storage: How can I grant an installed application access to only one bucket? How to restrict access to only service account users in google cloud storage permissions Why does my service account not give remote access to Google Cloud Firestore? Making a Cloud Storage bucket accessible only by a certain service account
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM