GCP Bucket Target Permissions

To add a GCP bucket as a target within Trilio for Kubernetes (T4K), specific bucket permissions are required. Follow the steps below to configure the necessary permissions:

Steps

  1. Create a custom role with the following permissions:

# Permission list
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.update

# GCloud command
gcloud iam roles create <ROLE-NAME> --project=<PROJECT-ID> \
    --title="t4k-gcp-target-role" --description="Role with required GCP bucket access for T4K target" \
    --permissions="storage.objects.create,storage.objects.delete,storage.objects.get,storage.objects.list,storage.objects.update" --stage=GA
  2. Associate the created role with a service account whose access key and secret key will be used when creating the target in T4K.

  3. If the service account does not have an access key and secret key, follow this guide to generate a new access key and secret key, which are required when creating the target.
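
Before handing out keys for the service account, it is worth confirming that the custom role carries exactly the five permissions listed in step 1 and nothing broader. The check below is an added example, not part of the T4K documentation; the function name `audit_role_permissions` and the sample input are constructed for illustration.

```shell
# The five permissions this page requires for a T4K GCP bucket target.
REQUIRED="storage.objects.create storage.objects.delete storage.objects.get storage.objects.list storage.objects.update"

# audit_role_permissions "<permission list>"
# Accepts permissions separated by ';', ',' or whitespace.
# Prints one MISSING:/EXTRA: line per finding.
# Returns 0 on an exact match, 1 if a required permission is missing,
# 2 if the role only grants more than required.
audit_role_permissions() {
    local actual p missing extra
    missing=0
    extra=0
    actual=$(printf '%s' "$1" | tr ';,' '  ' | tr -s '[:space:]' '\n' | sort -u)
    for p in $REQUIRED; do
        if ! printf '%s\n' "$actual" | grep -qxF "$p"; then
            echo "MISSING: $p"
            missing=1
        fi
    done
    for p in $actual; do
        case " $REQUIRED " in
            *" $p "*) ;;
            *) echo "EXTRA: $p"; extra=1 ;;
        esac
    done
    if [ "$missing" -eq 1 ]; then return 1; fi
    if [ "$extra" -eq 1 ]; then return 2; fi
    return 0
}

# Constructed sample: a role that was created with one permission too many.
SAMPLE="storage.objects.create;storage.objects.delete;storage.objects.get;storage.objects.list;storage.objects.update;storage.buckets.delete"
audit_role_permissions "$SAMPLE" || echo "role needs review (exit $?)"

# Against a live project, feed the function the role's real permission list:
#   audit_role_permissions "$(gcloud iam roles describe <ROLE-NAME> \
#       --project=<PROJECT-ID> --format='value(includedPermissions)')"
```

A non-zero exit makes the check usable as a gate in a provisioning script: exit 1 means the target will fail on some operation, exit 2 means the role is wider than T4K needs.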
