Google Cloud storage bucket is a fundamental resource in the Google cloud platform(GCP) used for storing and managing objects or files including photos, videos, documents, application files, and more. It can store small amounts of data in very large files. It is secure and you have access to decide who can see and manage your data. It is cost-effective and only charges you for the amount of storage you use.
Section 1: Creating Google Cloud Storage Bucket
1.1 Sign Up For a GCP Account
To create a Google Cloud storage bucket first you must have a GCP account. If you don’t already have one follow this Google Cloud free trial to create a free trial account after creating an account.
1.2 Creating a Google Storage Bucket
- Go to the Google Cloud side menu and select Cloud storage buckets.
- Now click on create option and fill the the details by choosing options that suits best to your requirments.
- Now in this popup box uncheck the box of public access prevention if you want to allow public access and make you data publicly accessible. If you do not wish to allow public access let the public access prevention checkbox enabled.Then click confirm and you will have your google cloud bucket created.
1.3 Uploading Files to Your Bucket
- To upload files to your newly created Cloud bucket, click on upload files and select files that you want to upload.
- As you can see in the Public access column our bucket is not Public right now, if you want to allow public access follow this step.
Section 2: Controlling Access to Your Bucket
2.1 Public Access Control
- Select your bucket
- Click on permissions
- As you can see by default Access control is Uniform and it is recommended to use Uniform access control rather than Fine grained
|
Access Control: Uniform |
Access Control: Fine grained |
|---|---|
|
Lower chances of Data exposure |
Higher chances of data exposure |
|
Adding permissions at bucket level ensures that two users in different objects cannot see each others files. |
You have to set permissions at object level also and if not done properly two users in different objects might be able to see each others files. |
2.2. Fine-Grained Access Control
In Google Cloud Storage, you can use both Identity and Access Management (IAM) permissions and Access Control Lists (ACLs) to control access to your buckets and objects. These mechanisms provide fine-grained control over who can access and perform actions on the resources in your bucket.
Section 2: IAM Permissions and ACLs
3.1. IAM Permissions:
IAM permissions are more powerful and flexible for managing access control at a broader level, allowing you to assign roles to users, groups, or service accounts across the entire Google Cloud Platform. IAM roles are granted at the project or bucket level.
- IAM roles are assigned at bucket level and applied to all objects within the bucket.
- Assign predefined roles with specific permissions to control access (e.g., read, write, delete) at the bucket level.
- IAM allows for more fine-grained access control compared to ACLs.
3.2. Access Control Lists (ACLs):
- ACLs are used to control access of individual buckets or objects and each bucket and object has its own ACL that can be managed independently.
- The ACL entry identifies the grant (e.g., `READER`, `WRITER`, `OWNER`) and a role or group to which the grant applies.
- You can specify support for bucket owners, project groups, specific Google accounts, Google groups, and more.
FAQs on Google Cloud Bucket
1. Who Can Access My Cloud Bucket?
It depends on what permissions you have given to users. You have full control to choose who can access you Cloud Bucket or who can’t.
2. Which Type Of Access Control Should I Choose Uniformed Or Fine Grained?
It is recommended to use Uniform access control because it has low chance of data exposure but if you want to use fine grained access control make sure to set permissions at object level properly.