I have created a bucket with Google Cloud Deployment Manager (see below) but the permissions part is ignored and I could not find any example of setting IAM while using Google Cloud Deployment Manager. Can you help?

resources:
- name: {{ env["name"] }}
  type: storage.v1.bucket
  properties:
    kind: storage#bucket
    location: eu
    storageClass: MULTI_REGIONAL
  iam-policy:
    bindings:
    - role: roles/storage.objectViewer
      members:
      - allUsers
You can now decorate Deployment Manager objects with IAM bindings. Something like this should work:

- name: <BUCKETNAME>
  type: storage.v1.bucket
  properties:
    storageClass: REGIONAL
    location: us-west1
  accessControl:
    gcpIamPolicy:
      bindings:
      - role: roles/storage.objectViewer
        members:
        - "serviceAccount:<YOURSERVICEACCOUNT>"
      - role: roles/storage.legacyBucketOwner
        members:
        - "projectEditor:<YOURPROJECT>"
        - "projectOwner:<YOURPROJECT>"
      - role: roles/storage.legacyBucketReader
        members:
        - "projectViewer:<YOURPROJECT>"
See https://cloud.google.com/deployment-manager/docs/configuration/set-access-control-resources for more information. Please note that IAM bindings are related but different from a bucket ACL and/or object ACLs. See https://cloud.google.com/storage/docs/access-control/ for more information on access control for GCS.
Also note that you will want to include the FULL set of IAM bindings in the aforementioned example.
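As an added illustration of the answer above (this is example code, not part of the question, the answer, or Google's own templates), the following Deployment Manager Python template builds the same bucket resource with an accessControl.gcpIamPolicy block and checks two things a reviewer would want caught before deploying: that the full set of legacy project bindings is present (Deployment Manager sets the whole policy, so anything omitted is dropped), and that no binding grants access to a public principal. The bucket name, project, service account and the GenerateConfig property names are assumptions for the example; context.env and context.properties are the real Deployment Manager template fields.

```python
# Example Deployment Manager Python template (added example, not the original
# post's code). Project, bucket and service-account values are placeholders.

PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# gcpIamPolicy replaces the bucket's entire IAM policy, so the legacy bindings
# that give project owners/editors/viewers access must be listed explicitly.
LEGACY_BINDINGS = {
    "roles/storage.legacyBucketOwner": ["projectEditor:{project}", "projectOwner:{project}"],
    "roles/storage.legacyBucketReader": ["projectViewer:{project}"],
}


def build_bindings(project, extra_bindings):
    """Legacy project bindings for `project`, followed by any caller-supplied bindings."""
    bindings = [
        {"role": role, "members": [m.format(project=project) for m in members]}
        for role, members in LEGACY_BINDINGS.items()
    ]
    bindings.extend(extra_bindings)
    return bindings


def bucket_resource(name, location, storage_class, project, extra_bindings):
    """A storage.v1.bucket resource with IAM set via accessControl.gcpIamPolicy."""
    return {
        "name": name,
        "type": "storage.v1.bucket",
        "properties": {"location": location, "storageClass": storage_class},
        "accessControl": {
            "gcpIamPolicy": {"bindings": build_bindings(project, extra_bindings)}
        },
    }


def policy_findings(resource):
    """Return a list of problems with the resource's IAM policy (empty means fine)."""
    findings = []
    bindings = (
        resource.get("accessControl", {}).get("gcpIamPolicy", {}).get("bindings", [])
    )
    # The key used in the question is not a Deployment Manager field and is ignored.
    if "iam-policy" in resource and not bindings:
        findings.append("iam-policy is not a Deployment Manager field; use accessControl.gcpIamPolicy")
    roles = {b["role"] for b in bindings}
    for role in LEGACY_BINDINGS:
        if role not in roles:
            findings.append(f"missing {role}: project owners/editors/viewers lose bucket access")
    for b in bindings:
        public = PUBLIC_PRINCIPALS.intersection(b.get("members", []))
        if public:
            findings.append(f"{b['role']} granted to {sorted(public)}: bucket becomes public")
    return findings


def GenerateConfig(context):
    """Deployment Manager template entry point; assumed properties: location,
    storageClass and an optional list of extra bindings."""
    props = context.properties
    resource = bucket_resource(
        context.env["name"],
        props["location"],
        props["storageClass"],
        context.env["project"],
        props.get("bindings", []),
    )
    problems = policy_findings(resource)
    if problems:
        raise ValueError("; ".join(problems))
    return {"resources": [resource]}
```

Calling policy_findings on the resource from the question (an iam-policy key and no accessControl) reports the misplaced key plus both missing legacy roles, which is why the permissions appeared to be silently ignored; a binding to allUsers is reported as making the bucket public rather than being deployed unnoticed.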