
I have hosted a website (index.html) in a GCS bucket, keeping the bucket private and not accessible from the internet. I have also configured a global HTTPS load balancer with Cloud CDN enabled. But when I try to hit the load balancer's IP, I get an access denied error, although I have given permission at the bucket level to the CDN's service account as storage.object.viewer.

Can someone help?

Shrus
  • Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. – Community Mar 09 '23 at 16:20
  • You can't, the bucket should be public always. Cloud CDN knows nothing about permissions so giving it permission to read the bucket has no effect – Puteri Mar 10 '23 at 09:21
  • @Puteri But it seems possible in AWS by adding your own custom policy. So is there any alternative in GCP? – Shrus Mar 10 '23 at 11:07
  • Not really. The alternative would be adding something that works as a proxy and reads the content of the bucket. The thing is that, in the end, making the bucket private but the content public doesn't make much sense at all, even if this can be done in AWS. What are you trying to achieve by setting the bucket private? – Puteri Mar 10 '23 at 12:18
  • @Puteri One scenario is where the load balancer is behind an IAP (Identity-Aware Proxy). Files need to be made available to the load balancer only, and served to the user if they pass the auth in IAP. – charsi Aug 26 '23 at 01:46

0 Answers