3

I am getting the following error while creating and configuring a Load Balancer in GCP. The issue seems to be related to the creation of the Backend bucket due that i am receiving the following error:

Access denied to the Cloud Storage bucket '[NAME of THE Bucket].

The bucket has allUser access permission for public access and is configured as a web site.

Can anyone help me?

iminiki
  • 2,549
  • 12
  • 35
  • 45
ignacio rosa
  • 51
  • 3
  • Hi @ignacio rosa if this or any answer has solved your question or helped you to do it, please consider accepting it or voting it up [How does accepting an answer work?](https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work) by clicking the check-mark or the up arrow. This indicates to the wider community that you've found a solution and gives some reputation to both the answerer and yourself. There is no obligation to do this. – Nestor Daniel Ortega Perez Feb 23 '22 at 16:14

3 Answers3

2

The problem was that i was trying to configure a HTTPS Load Balancer meanwhile i had already configured a HTTP Load balancer with a redirection rule to HTTPS.

I solved the issue deleting the rule from the HTTP Load Balancer before creating the HTTPS Load Balancer. After creating succesfully the Load balancer i configured again the HTTP load balancer to redirect the traffic to HTTPS.

Both load balancer where using the same IP to redirect the traffic but for different protocols (HTTP and HTTPS)

  • Load balancer 1 : HTTP://IP:80 -> HTTPS://IP:443
  • Load balancer 2 : HTTPS://IP:443 -> Backend Bucket
ignacio rosa
  • 51
  • 3
1

First of all, please confirm that the current setting is the required one and that it was correctly set up by checking that the credentials are correct: i.e., if you are using gsutil, check that the credentials stored in your .boto file are accurate. Also, confirm that gsutil is using the .boto file you expect by using the command gsutil version -l and checking the config path(s) entry.

If the credentials are correct, then verify if your requests are being routed through a proxy, using HTTP (instead of HTTPS). If so, check whether your proxy is configured to remove the Authorization header from such requests. If so, make sure you are using HTTPS instead of HTTP for your requests.

Finally, go to the console and click on "Set bucket permissions" in the bucket's menu. Enter "allUsers" in Add Members, and assign Role -> Storage -> Storage Object Viewer.

Or, if you prefer to use gsutil, running gsutil -m acl set -R -a public-read gs://bucket should set access on all files in that bucket to the public. To set default permissions on the bucket in order to make those files public by default when they're added, use gsutil defacl set public-read gs://bucket.

You can use the following GCP’s Official Documentation and the following thread as a reference.

Nestor Daniel Ortega Perez
  • 1,046
  • 3
  • 10
0

To anybody else experiencing this, it may also be the case that your account is missing the necessary permissions.

Ensure that in your Projec IAM, your account has the following permissions:

  • Compute Network Admin
  • Storage Object Admin

Both of those permissions must be enabled. This is true regardless of the other roles you have been assigned. In other words, it is not enough to be the project Owner. These two permissions must be added separately.

TheHiggsBroson
  • 1,410
  • 1
  • 11
  • 19