Revision history

revision 1 (initial version)

To provide users with read-only access to a GCS bucket folder using Deployment Manager, you can follow these steps:

  1. Create a new IAM role for read-only access:

a. Log in to the Google Cloud Console
b. Go to the IAM & Admin page
c. Click on the Roles tab
d. Click on Create Role
e. Enter a name for the role, such as "GCS Bucket Read-Only Access"
f. Click on the Add Permissions field and search for the GCS permission Storage Object Viewer
g. Select the permission and click Add
h. Click Create

  2. Create a new IAM policy binding:

a. Go to the IAM & Admin page
b. Click on the IAM tab
c. Click on the Edit button next to the name of the GCS bucket
d. Click on the Add button under the Members field
e. Enter the email addresses of the users you want to grant read-only access to
f. Select the role you created in step 1 from the dropdown menu
g. Click Add

  3. Deploy the IAM policy binding using Deployment Manager:

a. Create a new deployment configuration file in YAML format
b. Add the following code:

# No imports are needed: the binding below is a built-in virtual type, not a template.
resources:
  # One resource per principal. The virtual iamMemberBinding type adds a single
  # member to a single role on an existing bucket without rewriting the bucket's
  # whole IAM policy, so other bindings on the bucket are left untouched.
  - name: gcs-bucket-reader-user
    type: gcp-types/storage-v1:virtual.buckets.iamMemberBinding
    properties:
      bucket: <bucket-name>
      # Predefined read-only role. There is no "roles/gcsViewer"; the role that
      # only allows reading object data and metadata is storage.objectViewer.
      role: roles/storage.objectViewer
      member: user:<user-email>
  - name: gcs-bucket-reader-sa
    type: gcp-types/storage-v1:virtual.buckets.iamMemberBinding
    properties:
      bucket: <bucket-name>
      role: roles/storage.objectViewer
      member: serviceAccount:<service-account-email>

c. Replace <project-id>, <bucket-name>, <user-email>, and <service-account-email> with the appropriate values for your project and users.

d. Deploy the configuration file using Deployment Manager:

gcloud deployment-manager deployments create iam-policy --config config.yaml --project <project-id>

This will create an IAM policy binding that grants read-only access to the specified users for the specified GCS bucket folder.
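The following is an added example and is not part of the original answer. It generates the Deployment Manager config described above for an arbitrary list of principals, refusing anything that is not a named principal or not a read-only role, and then audits a bucket IAM policy (the JSON that `gcloud storage buckets get-iam-policy gs://BUCKET --format=json` prints) to confirm that the intended readers hold only read-only roles and that no public principal slipped in. It assumes the Deployment Manager virtual type `gcp-types/storage-v1:virtual.buckets.iamMemberBinding` with properties `bucket`, `role` and `member`; the bucket name, principals and the sample policy are constructed for the example. One caveat the answer does not mention: Cloud Storage IAM roles are granted on the bucket, so a binding like this grants read access to every object in it, not to one "folder"; limiting a reader to an object prefix requires an IAM Condition on the binding (for example `resource.name.startsWith("projects/_/buckets/<bucket>/objects/<prefix>/")`), which this config does not set.

```python
"""Build a read-only GCS bucket binding for Deployment Manager and audit the result.

Added example, not code from the original answer. Assumes the Deployment Manager
virtual type gcp-types/storage-v1:virtual.buckets.iamMemberBinding and the JSON
policy shape printed by `gcloud storage buckets get-iam-policy ... --format=json`.
"""
import json
from typing import Dict, List

# Predefined Cloud Storage roles that grant read but neither write nor admin.
READ_ONLY_ROLES = {
    "roles/storage.objectViewer",        # read object data and metadata
    "roles/storage.legacyObjectReader",  # legacy ACL-equivalent roles
    "roles/storage.legacyBucketReader",
}
# Prefixes of named principals accepted in a binding; anything else is refused.
MEMBER_PREFIXES = ("user:", "serviceAccount:", "group:", "domain:")
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def build_config(bucket: str, members: List[str],
                 role: str = "roles/storage.objectViewer") -> Dict:
    """Return a Deployment Manager config granting `role` on `bucket` to each member.

    One iamMemberBinding resource per member, so adding or removing a reader is an
    update to a single resource rather than a rewrite of the whole bucket policy.
    """
    if role not in READ_ONLY_ROLES:
        raise ValueError(f"{role} is not a read-only Cloud Storage role")
    resources = []
    for i, member in enumerate(members):
        if member in PUBLIC_MEMBERS or not member.startswith(MEMBER_PREFIXES):
            raise ValueError(f"refusing member {member!r}: not a named principal")
        resources.append({
            "name": f"{bucket}-reader-{i}",
            "type": "gcp-types/storage-v1:virtual.buckets.iamMemberBinding",
            "properties": {"bucket": bucket, "role": role, "member": member},
        })
    return {"resources": resources}


def audit_policy(policy: Dict, expected_members: List[str]) -> List[str]:
    """Return findings for a bucket IAM policy.

    Flags public principals in any binding, expected members holding a role that
    is not read-only, and expected members that ended up with no read role at all.
    """
    findings = []
    granted = {m: set() for m in expected_members}
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(f"public principal {member} holds {role}")
            if member in granted:
                granted[member].add(role)
                if role not in READ_ONLY_ROLES:
                    findings.append(f"{member} holds non-read-only role {role}")
    for member, roles in granted.items():
        if not roles & READ_ONLY_ROLES:
            findings.append(f"{member} has no read-only role on the bucket")
    return findings


# Constructed sample policy in the shape gcloud prints it, with one deliberate
# over-grant (objectAdmin) and one public binding so the audit has findings.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/storage.objectViewer",
         "members": ["user:alice@example.com",
                     "serviceAccount:reader@example-project.iam.gserviceaccount.com",
                     "allUsers"]},
        {"role": "roles/storage.objectAdmin", "members": ["user:alice@example.com"]},
        {"role": "roles/storage.legacyBucketOwner",
         "members": ["projectOwner:example-project"]},
    ],
    "etag": "CAE=",
    "version": 1,
}

READERS = ["user:alice@example.com",
           "serviceAccount:reader@example-project.iam.gserviceaccount.com"]

if __name__ == "__main__":
    # JSON is valid YAML, so this output can be saved directly as config.yaml.
    print(json.dumps(build_config("example-bucket", READERS), indent=2))
    for finding in audit_policy(SAMPLE_POLICY, READERS):
        print("FINDING:", finding)
```

Run the audit against the real policy after the deployment completes, and again whenever the deployment is updated: `build_config` only ever adds bindings, so a role granted outside Deployment Manager (such as the objectAdmin grant in the sample) stays in place until someone notices it.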