I have a bucket <my-bucket> in google cloud storage. It has public access and serves all assets and static files for our website. All works fine. But I don't like that on the url https://storage.googleapis.com/<my-bucket> it shows the document tree with all the objects in the bucket.
How can I prevent it? I tried putting index.html file to the bucket root it doesn't work.
Prevent gcloud public bucket from listing all objects
Asked Answered
You should be able to apply the "Cloud Storage Legacy - Storage Legacy Object Reader" role instead of "Cloud Storage - Storage Object Viewer" for allUsers, since the former does not include permissions to list objects in a bucket.
https://cloud.google.com/storage/docs/access-control/making-data-public#buckets
Great! I wonder though what Google's reason for making this 'Legacy' is? Seems to me the use case of having all objects in a bucket public, without listing permission, is a very common one. I'm a bit concerned a legacy rule will move to deprecated eventually... –
Counterforce
@Counterforce I believe it's just a naming thing. I remember reading a comment here where someone said "Legacy" in this case just means first generation (pre-IAM), compared to the newer fine-grained IAM roles. These legacy roles have been around for years now and I haven't seen any news of them going away. –
Mohun
One way to do it is to use the legacy "Storage Legacy Object Reader" Permission which only allows "storage.objects.get": https://cloud.google.com/storage/docs/access-control/iam-roles
Personally I do not like using the Legacy rules so I created my own rule for this: IAM & Admin -> Roles -> + Create role
And I only gave it the objects get permission:
Then in the bucket permissions I assigned that rule to "allUsers":
Also if you have multiple public buckets using this method you can later change the permissions for that rule in one place
© 2022 - 2024 — McMap. All rights reserved.