Top / Google Cloud Platform / Google Cloud Storage / Object ACL

Google Cloud Storage Object ACL

This page shows how to write Terraform for Cloud Storage Object ACL and write them securely.

terraform-logo

Review your .tf file for Google best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

google_storage_object_acl (Terraform)

The Object ACL in Cloud Storage can be configured in Terraform with the resource name google_storage_object_acl. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L71
resource "google_storage_object_acl" "index_acl" {
  bucket      = module.static_site.website_bucket_name
  object      = google_storage_bucket_object.index.name
  role_entity = ["READER:allUsers"]
}
main.tf#L69
resource "google_storage_object_acl" "index_acl" {
  bucket      = module.static_site.website_bucket_name
  object      = google_storage_bucket_object.index.name
  role_entity = ["READER:allUsers"]
}
main.tf#L44
resource "google_storage_object_acl" "index_acl" {
  bucket      = module.www_site.website_bucket_name
  object      = google_storage_bucket_object.index.name
  role_entity = ["READER:allUsers"]
}
main.tf#L71
resource "google_storage_object_acl" "index_acl" {
  bucket      = module.static_site.website_bucket_name
  object      = google_storage_bucket_object.index.name
  role_entity = ["READER:allUsers"]
}

Review your Terraform file for Google best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Authoritatively manages the access control list (ACL) for an object in a Google Cloud Storage (GCS) bucket. Removing a google_storage_object_acl sets the acl to the private predefined ACL. For more information see the official documentation and API. -> Want fine-grained control over object ACLs? Use google_storage_object_access_control to control individual role entity pairs.

>> from Terraform Registry

Tips: Best Practices for The Other Google Cloud Storage Resources

In addition to the google_storage_bucket, Google Cloud Storage has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

google_storage_bucket

Ensure uniform bucket-level access of your GCS bucket is enabled

It is better to enable uniform bucket-level access of the GCS bucket. Uniform bucket-level access unifies and simplifies how you grant access to resources in the bucket.

Review your Google Cloud Storage settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

The Other Related Google Cloud Storage Resources

Frequently asked questions

What is Google Cloud Storage Object ACL?

Google Cloud Storage Object ACL is a resource for Cloud Storage of Google Cloud Platform. Settings can be wrote in Terraform.

Where can I find the example code for the Google Cloud Storage Object ACL?

For Terraform, the dg-infrastructure/terraform-google-static-assets, Maxar-Corp/terraform-google-static-assets and wosome/www source code examples are useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents