stackoom
  简体   繁体   中英

Access Denied to Bucket while creating a GCP Load Balancer

 原文  2022-02-18 15:51:34       google-cloud-platform/ google-cloud-storage/ load-balancing

Question

I am getting the following error while creating and configuring a Load Balancer in GCP. The issue seems to be related to the creation of the Backend bucket due that i am receiving the following error:

Access denied to the Cloud Storage bucket '[NAME of THE Bucket].

The bucket has allUser access permission for public access and is configured as a web site.

Can anyone help me?

3 answers

solution1
 1  2022-02-19 22:31:54

The problem was that i was trying to configure a HTTPS Load Balancer meanwhile i had already configured a HTTP Load balancer with a redirection rule to HTTPS.

I solved the issue deleting the rule from the HTTP Load Balancer before creating the HTTPS Load Balancer. After creating succesfully the Load balancer i configured again the HTTP load balancer to redirect the traffic to HTTPS.

Both load balancer where using the same IP to redirect the traffic but for different protocols (HTTP and HTTPS)

  • Load balancer 1: HTTP://IP:80 -> HTTPS://IP:443
  • Load balancer 2: HTTPS://IP:443 -> Backend Bucket

solution2
 0  2022-02-18 21:27:25

First of all, please confirm that the current setting is the required one and that it was correctly set up by checking that the credentials are correct: ie, if you are using gsutil , check that the credentials stored in your .boto file are accurate. Also, confirm that gsutil is using the .boto file you expect by using the command gsutil version -l and checking the config path(s) entry.

If the credentials are correct, then verify if your requests are being routed through a proxy, using HTTP (instead of HTTPS ). If so, check whether your proxy is configured to remove the Authorization header from such requests. If so, make sure you are using HTTPS instead of HTTP for your requests.

Finally, go to the console and click on "Set bucket permissions" in the bucket's menu. Enter "allUsers" in Add Members, and assign Role -> Storage -> Storage Object Viewer .

Or, if you prefer to use gsutil , running gsutil -m acl set -R -a public-read gs://bucket should set access on all files in that bucket to the public. To set default permissions on the bucket in order to make those files public by default when they're added, use gsutil defacl set public-read gs://bucket .

You can use the following GCP's Official Documentation and the following thread as a reference.

solution3
 0  2022-09-27 01:28:32

To anybody else experiencing this, it may also be the case that your account is missing the necessary permissions.

Ensure that in your Projec IAM, your account has the following permissions:

  • Compute Network Admin
  • Storage Object Admin

Both of those permissions must be enabled. This is true regardless of the other roles you have been assigned. In other words, it is not enough to be the project Owner. These two permissions must be added separately.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question GCP - No tags for Global Load Balancer GCP: load balancer rewrite path How do I restrict GCP load balancer access by domain, domain's IP or GKE ingress IP? GCP Google Cloud - Cannot create Load Balancer How to define global load balancer in ingress.yaml instead of defaulting to classic load balancer - gcp GCP - can we create service account for Load Balancer / CDN? How to redirect HTTP to HTTPS using GCP load balancer GCP bucket file access using PHP curl using JSON key GCP API Gateway is confused about JWT by adding an external load-balancer in front How to Send 103 Early Hints via GCP External HTTPS Load Balancer?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM