Tip: Making a Google Cloud Storage bucket or file public
Google Cloud Storage is the ideal product to store your object files (binary files, pictures, audio/video assets, and more).
Until recently, there was an option in the Google cloud console with a checkbox to quickly make a file or bucket public. However, and I would add “unfortunately”, users tended to inadvertently clicking the checkbox, thus making potentail confidential assets public. So this risky, but easy, option, has been removed to avoid any unwanted data leak.
However, of course, it’s still possible to make buckets or files stored in Cloud Storage public. But you can’t do it without paying attention! As I never quite remember how to do that (in spite of the linked documentation easily found with a quick Google search), I decided to highlight with a few screenshots how to achieve that!
I assume you already have or created a GCP project, and you also have a bucket full of assets that you want to make public, because you need to share them on the Web, for your mobile application, etc.
To illustrate this tip, let’s have a look at the GCP cloud console:
Making a file public
First, we’ll have a look at making a single file public.
You’ll have to click the vertical triple dot icon on the right of the screen, and click on “Edit permissions”:
Making a bucket public
Instead of doing this for each individual file, you can also do the same at the bucket level, to give read access to the bucket and all its files in one go.
From the object browser, click on the “Permissions” tab. You will have to add the “allUsers” members the Storage Object Viewer role:
Now if you head back to the file browser, you’ll see all the files have the little warning icon telling you the resource is publicly accessible.
For command-line gurus
I showed the visual approach from the cloud console… but there’s a one-liner you can use, thanks to the gsutil command.
For an individual file:
gsutil acl ch -u AllUsers:R gs://[BUCKET_NAME]/[OBJECT_NAME]
For a whole bucket:
gsutil iam ch allUsers:objectViewer gs://[BUCKET_NAME]
(Where you replace [BUCKET_NAME] with your project name, and [OBJECT_NAME] with the file name)
There’s also a REST API that you can use to handle your buckets and file, as well as different client libraries in different languages that you can use as well.