Google cloud load balancer dynamically adding backend buckets

Question

Goal: For example, users could create courses which has resources such as images, videos etc. I want to restrict access to them using signed cookies. i.e. resources on /courses/1 will only be accessible to logged-in users who have a valid signed cookie.

Background I'll be creating a bucket of media files per course based on https://cloud.google.com/storage/docs/access-control#recommended_bucket_architecture.

Where I am stuck

How to add backend buckets to the load balancer dynamically since I could only add them in the console
How to use the same signing key for all buckets for easy maintenance https://cloud.google.com/cdn/docs/using-signed-cookies#creatingkeys. It seems like I need to manually create a key for each bucket.

So is there a standard way to do these or am I thinking about this whole architecture wrong since this won't scale without automation?

score 2 · Accepted Answer · answered Nov 24 '20 at 09:35

2

You will be limited to 50 path rules as mentioned in the Quotas, limited to 50 courses. I hope you expect more than this!!

So, this pattern isn't suitable for your use case. You need to use the same bucket and to control access with a backend app. And then to generated SignedUrl for the resources requested by the users

answered Nov 24 '20 at 09:35

guillaume blaquiere

66,369
2
47
76

1

Thanks for your insight! I was reallly hoping there would be a proven way to do this, especially since using signed urls for a lot of resources also doesn't sound great as explained in the docs. – clouddreams Nov 24 '20 at 15:17

Google cloud load balancer dynamically adding backend buckets

1 Answers1