Google Cloud Storage Default Object ACL
This page shows how to write Terraform for Cloud Storage Default Object ACL and write them securely.
google_storage_default_object_acl (Terraform)
The Default Object ACL in Cloud Storage can be configured in Terraform with the resource name google_storage_default_object_acl
. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "google_storage_default_object_acl" "tfer--trip-002D-planner-002D-gcs" {
bucket = "trip-planner-gcs"
role_entity = ["READER:project-viewers-1078932510854", "OWNER:project-editors-1078932510854", "OWNER:project-owners-1078932510854"]
}
resource "google_storage_default_object_acl" "tfer--trip-002D-planner-002D-storage" {
resource "google_storage_default_object_acl" "this" {
bucket = var.bucket
role_entity = var.role_entity
}
resource "google_storage_default_object_acl" "this" {
bucket = google_storage_bucket.this.name
role_entity = var.role_entity
}
resource "google_storage_default_object_acl" "default_object_acl" {
bucket = google_storage_bucket.bucket.name
role_entity = ["READER:allUsers"]
}
resource "google_compute_global_forwarding_rule" "forwarding_rule" {
resource "google_storage_default_object_acl" "testing" {
bucket = "testing"
role_entity = ["OWNER:project-editors-307194479120", "OWNER:project-owners-307194479120", "READER:project-viewers-307194479120"]
}
Parameters
-
bucket
required - string -
id
optional computed - string -
role_entity
optional computed - set of string
Explanation in Terraform Registry
Authoritatively manages the default object ACLs for a Google Cloud Storage bucket without managing the bucket itself. -> Note that for each object, its creator will have the
"OWNER"
role in addition to the default ACL that has been defined. For more information see the official documentation and API. -> Want fine-grained control over default object ACLs? Usegoogle_storage_default_object_access_control
to control individual role entity pairs.
Tips: Best Practices for The Other Google Cloud Storage Resources
In addition to the google_storage_bucket, Google Cloud Storage has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
google_storage_bucket
Ensure uniform bucket-level access of your GCS bucket is enabled
It is better to enable uniform bucket-level access of the GCS bucket. Uniform bucket-level access unifies and simplifies how you grant access to resources in the bucket.
Frequently asked questions
What is Google Cloud Storage Default Object ACL?
Google Cloud Storage Default Object ACL is a resource for Cloud Storage of Google Cloud Platform. Settings can be wrote in Terraform.
Where can I find the example code for the Google Cloud Storage Default Object ACL?
For Terraform, the tsm2k/terraform_deploy, niveklabs/google and jdpleiness/terraform-google-storage-static-website source code examples are useful. See the Terraform Example section for further details.