blog

12021-08-27

SEAN K.H. LIAO

Google Cloud Storage

You get a bucket, you can put things in.

access control

When you setup a bucket you get 2 options:

fine grained

In this mode, permissions are granted through both IAM and ACLs.

ACLs consist of pairs of role (READER, WRITER, OWNER) and entity, attached to either the bucket or an object. This is by default quite lax.

In this mode the iam roles/storage.legacy* roles are special, turning IAM roles into bucket level ACLs, you'll see an ACL entry for each IAM role grant.

uniform

Here, permissions are granted as roles via IAM Pretty straightforward.