Google Cloud Storage Object ACL
This page shows how to write Terraform for Cloud Storage Object ACLs and how to configure them securely.
google_storage_object_acl (Terraform)
The Object ACL in Cloud Storage can be configured in Terraform with the resource name google_storage_object_acl. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
# READER:allUsers makes the object readable by anyone, without authentication.
resource "google_storage_object_acl" "index_acl" {
  bucket      = module.static_site.website_bucket_name
  object      = google_storage_bucket_object.index.name
  role_entity = ["READER:allUsers"]
}

resource "google_storage_object_acl" "index_acl" {
  bucket      = module.static_site.website_bucket_name
  object      = google_storage_bucket_object.index.name
  role_entity = ["READER:allUsers"]
}

resource "google_storage_object_acl" "index_acl" {
  bucket      = module.www_site.website_bucket_name
  object      = google_storage_bucket_object.index.name
  role_entity = ["READER:allUsers"]
}

resource "google_storage_object_acl" "index_acl" {
  bucket      = module.static_site.website_bucket_name
  object      = google_storage_bucket_object.index.name
  role_entity = ["READER:allUsers"]
}
Parameters
- bucket: required - string
- id: optional computed - string
- object: required - string
- predefined_acl: optional - string
- role_entity: optional computed - set of string
Explanation in Terraform Registry
Authoritatively manages the access control list (ACL) for an object in a Google Cloud Storage (GCS) bucket. Removing a google_storage_object_acl sets the acl to the private predefined ACL. For more information see the official documentation and API. Want fine-grained control over object ACLs? Use google_storage_object_access_control to control individual role entity pairs.
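Every usage example above grants READER to allUsers, so a review step that lists such grants before apply is useful. The following is an added example, not code from the original page or from the Terraform provider: it scans the JSON form of a plan (as produced by `terraform show -json`) for google_storage_object_acl resources whose role_entity or predefined_acl makes the object public. The sample plan and the resource names report_acl, legacy_acl and old_acl are constructed for illustration.

```python
import json

# Entities that make an object readable without a specific identity.
PUBLIC_ENTITIES = {"allUsers", "allAuthenticatedUsers"}
# Canned ACLs that grant READER to those same entities (GCS API names).
PUBLIC_PREDEFINED = {"publicRead", "authenticatedRead"}


def find_public_object_acls(plan):
    """Return (address, reason) for every planned public object ACL."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_storage_object_acl":
            continue
        # "after" is null when the resource is being destroyed.
        after = (rc.get("change") or {}).get("after") or {}
        for pair in after.get("role_entity") or []:
            # Items are "ROLE:entity"; split on the first ':' only.
            role, _, entity = pair.partition(":")
            if entity in PUBLIC_ENTITIES:
                findings.append((rc["address"], f"role_entity grants {role} to {entity}"))
        canned = after.get("predefined_acl")
        if canned in PUBLIC_PREDEFINED:
            findings.append((rc["address"], f"predefined_acl is {canned}"))
    return findings


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_storage_object_acl.index_acl",
   "type": "google_storage_object_acl",
   "change": {"actions": ["create"], "after": {"role_entity": ["READER:allUsers"]}}},
  {"address": "google_storage_object_acl.report_acl",
   "type": "google_storage_object_acl",
   "change": {"actions": ["create"], "after": {"role_entity": ["OWNER:user-admin@example.com"]}}},
  {"address": "google_storage_object_acl.legacy_acl",
   "type": "google_storage_object_acl",
   "change": {"actions": ["update"], "after": {"predefined_acl": "publicRead"}}},
  {"address": "google_storage_object_acl.old_acl",
   "type": "google_storage_object_acl",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

if __name__ == "__main__":
    for address, reason in find_public_object_acls(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

Values that are unknown until apply are absent from the plan's "after" object, so this check only sees role_entity and predefined_acl values written as literals or otherwise known at plan time.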
Tips: Best Practices for Other Google Cloud Storage Resources
In addition to google_storage_bucket, Google Cloud Storage has other resources that should be configured with security in mind. Check the examples and precautions for those resources.
google_storage_bucket
Ensure uniform bucket-level access of your GCS bucket is enabled
Enable uniform bucket-level access on the GCS bucket. Uniform bucket-level access unifies and simplifies how you grant access to resources in the bucket.
Frequently asked questions
What is Google Cloud Storage Object ACL?
Google Cloud Storage Object ACL is a resource for Cloud Storage of Google Cloud Platform. Its settings can be written in Terraform.
Where can I find the example code for the Google Cloud Storage Object ACL?
For Terraform, the dg-infrastructure/terraform-google-static-assets, Maxar-Corp/terraform-google-static-assets and wosome/www source code examples are useful. See the Terraform Example section for further details.