Currently I try to use Google's CDN to reduce the traffic to my Google cloud storage.
I followed the doc to configure the CDN and the bucket, first for public access, then for private access with signed urls doc
/edit steps I made:
- Created a bucket, copied a file into it and made it public accessible.
- Reserved an external ip adress.
- Created a load balancer with, created a backed bucket which can access the bucket.
After that the files are available via CDN.
After that I made the following changes:
- Added a singing key to the backend bucket.
When I use the bucket url to generate a signed url with the gcloud tool I am able to access the files:
gcloud compute sign-url \
"https://storage.cloud.google.com/*/sampleFile" \
--key-name test-sign \
--key-file test-sign \
--expires-in 30m \
--validate
Now should be a service account automatically added, but when I run:
gsutil iam ch \
serviceAccount:[email protected]:objectViewer \
gs://MYBUCKET
there is an error:
400 Service account [email protected] does not exist.
I tried to create an account manually and add it to the bucket, but when I try to access the urls via CDN there is an error:
403. That’s an error. Your client does not have permission to get URL /example-signed/SampleFile.jpg from this server. That’s all we know.
I think that the CDN does not have access to my bucket. According to the instructions, this should happen via the service account, which should be created "automatically" in the following step.
I have now tried several times, but nowhere is a service account created for me. I have now manually created a service account, but I do not know how to assign it to the CDN.
Someone has a hint for me?