I've successfully deployed a static website on a Google Cloud Storage bucket and configured it as the backend for an external application load balancer within Google Cloud Platform. I'm now seeking a way to restrict access to the GCS bucket, allowing only the GCP load balancer to reach it.
is it possible to restrict access to GCS bucket from GCP load balancer only?
240 Views Asked by BT3 At
1
There are 1 best solutions below
Related Questions in GOOGLE-CLOUD-PLATFORM
- Why do I need to wait to reaccess to Firestore database even though it has already done before?
- Unable to call datastore using GCP service account key json
- Troubleshooting Airflow Task Failures: Slack Notification Timeout
- GoogleCloud Error: Not Found The requested URL was not found on this server
- Kubernetes cluster on GCE connection refused error
- Best way to upload images to Google Cloud Storage?
- Permission 'storage.buckets.get' denied on resource (or it may not exist)
- Google Datastream errors on larger MySQL tables
- Can anyone explain the output of apache-beam streaming pipeline with Fixed Window of 60 seconds?
- Parametrizing backend in terraform on gcp
- Nonsense error using a Python Google Cloud Function
- Unable to deploy to GAE from Github Actions
- Assigned A record for Subdomain in Cloud DNS to Compute Engine VM instance but not propagated/resolved yet
- Task failure in DataprocCreateClusterOperator when i add metadata
- How can I get the long running operation with google.api_core.operations_v1.AbstractOperationsClient
Related Questions in GOOGLE-CLOUD-STORAGE
- Permission 'storage.buckets.get' denied on resource (or it may not exist)
- Parametrizing backend in terraform on gcp
- Download file from GCP bucket without using decompressive transcoding by default
- CORS Error When Fetching File From Firebase Storage
- Google cloud storage: move specific zip files from one bucket to another
- Flutter upload file to Firebase storage
- Deploy Springboot app on heroku which is using google storage services
- List all the files in firebase storage date wise and zip it using cloud function
- How to Handle NUL (ASCII 0) Data Error When Loading TSV GZIP File from Google Cloud Storage into BigQuery
- getting ValueError: Cannot determine path without bucket name
- GCP Workload Identity Federation in java
- How to find a file with specific file name pattern in GCS bucket using Python
- getSignedURL() called from firebase cloud function gives permission denied error ( firebase-functions v2)
- Clone/ Backups for BigQuery Project
- NGINX won't run alongside Google Cloud Storage FUSE in Docker container
Related Questions in GOOGLE-CLOUD-LOAD-BALANCER
- How to debug hashicorp vault timeouts?
- GCP Load Balancer + Cloud Run: Where is extra latency coming from?
- Website works with 'www' but not without it
- Traffic from Google L7 cloud load balancer to istio-gateway
- Only allow traffic from a GCP load balancer to a VM
- GCP External Global Load Balancer Serverless Health Check
- Implementing health check for a website hosting in GCS bucket
- Serving video files using Cloud Storage and Cloud CDN
- Basic Application Connection Refused on GKE Load Balancer
- Strip the .html extension from webpages
- Facing issue with SSL in GCP External loadbalancer
- Traffic distribution inside an GCP instance group
- How to use google cloud load balance with cloudflare DNS proxy
- path rules in load balancer
- is it possible to restrict access to GCS bucket from GCP load balancer only?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
I agreed with what @JohnHanley said.
Consider your reasons for wanting to restrict access and have the user go through a load balancer. That will raise expenses and potentially reduce performance (cache refresh, etc.).
Cloud storage is extremely reliable and resistant to errors. Sometimes it makes sense to use Cloud CDN just make sure you've looked over your choices.
As per this official doc
You must add the Cloud CDN service account to Cloud Storage ACLs in order to grant Cloud CDN permission to read the objects if you utilize Cloud Storage and have restricted who can read them.
The creation of the service account is not required. When you add a key to a backend bucket in a project for the first time, the service account is automatically established.
Refer to this official doc for cloud CDN Pricing
you can also use media cdn to prevent unauthorized access
For more information refer to this gitlink