Google Cloud Storage authentication: restrict permissions without creating additional Google Accounts

530 views Asked by At

I want to backup multiple servers using Google Cloud Storage. Each server needs access to the bucket containing his backups. A server should not have access to the bucket of any other server.

I have used Amazon S3 before and simply created one user per server in IAM and assigned a policy to the user that allows accessing a specific bucket.

On Google Cloud Storage it seems like Authentication is based on Google Accounts and OAuth 2.0 so every server uses the same Google Account (mine) and the result is that every server has full access to all buckets.

How to give each server his own access credentials (that has access to his own bucket only) without the need to create a new Google Account for each server?

1

There are 1 answers

0
Faizan On BEST ANSWER

You can create/use service accounts for each bucket and use them to authenticate access to storage bucket from your Google Compute Engine instance. You can limit the access you your bucket by changing the bucket ACLs to allow the access to service account only.