googleStorageDefaultObjectAcl

Authoritatively manages the default object ACLs for a Google Cloud Storage bucket without managing the bucket itself.

-> Note that for each object, its creator will have the "owner" role in addition to the default ACL that has been defined.

For more information see the official documentation and API.

-> Want fine-grained control over default object ACLs? Use googleStorageDefaultObjectAccessControl to control individual role entity pairs.

Example Usage

Example creating a default object ACL on a bucket with one owner and one reader.

/* Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details. */
import * as google from "./.gen/providers/google";
/* The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert. */
// `this` below is the enclosing construct scope, for example inside the
// constructor of a TerraformStack subclass.
// Bucket whose default object ACL is managed.
const googleStorageBucketImageStore = new google.storageBucket.StorageBucket(
  this,
  "image-store",
  {
    location: "EU",
    name: "image-store-bucket",
  }
);
// Default ACL applied to new objects in the bucket: one owner and one reader.
new google.storageDefaultObjectAcl.StorageDefaultObjectAcl(
  this,
  "image-store-default-acl",
  {
    bucket: googleStorageBucketImageStore.name,
    // Property name matches the roleEntity argument documented below.
    roleEntity: ["OWNER:user-my.email@gmail.com", "READER:group-mygroup"],
  }
);

Argument Reference

  • bucket - (Required) The name of the bucket it applies to.

  • roleEntity - (Optional) List of role/entity pairs in the form role:entity. See GCS Object ACL documentation for more details. Omitting the field is the same as providing an empty list.
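
Because this resource is authoritative and its default ACL is applied to new objects in the bucket, a roleEntity list is worth checking before synthesis. The following is an added example, not part of the provider or its documentation: auditRoleEntity and Finding are hypothetical names, and the accepted roles and entity forms are taken from the GCS object ACL documentation rather than from this page.

```typescript
// Added example: auditRoleEntity and Finding are hypothetical helper names.
type Finding = { pair: string; severity: "ok" | "high" | "error"; reason: string };

// Object ACLs accept only these two roles (WRITER exists for bucket ACLs only).
const OBJECT_ROLES = new Set(["OWNER", "READER"]);
// Entities that make every new object readable or owned beyond named principals.
const PUBLIC_ENTITIES = new Set(["allUsers", "allAuthenticatedUsers"]);
// Scoped entity forms: user-, group-, domain-, and project-<team>-<projectId>.
const SCOPED_ENTITY = /^(user|group|domain)-\S+$|^project-(owners|editors|viewers)-\S+$/;

function auditRoleEntity(pairs: string[]): Finding[] {
  return pairs.map((pair): Finding => {
    const idx = pair.indexOf(":");
    if (idx < 1 || idx === pair.length - 1) {
      return { pair, severity: "error", reason: "expected role:entity" };
    }
    const role = pair.slice(0, idx);
    const entity = pair.slice(idx + 1);
    if (!OBJECT_ROLES.has(role)) {
      return { pair, severity: "error", reason: `${role} is not an object ACL role` };
    }
    if (PUBLIC_ENTITIES.has(entity)) {
      return { pair, severity: "high", reason: `${entity} gets ${role} on new objects` };
    }
    if (!SCOPED_ENTITY.test(entity)) {
      return { pair, severity: "error", reason: `unrecognised entity ${entity}` };
    }
    return { pair, severity: "ok", reason: "scoped grant" };
  });
}

// Constructed sample input; the first two pairs are the values used in Example Usage.
const sample = [
  "OWNER:user-my.email@gmail.com",
  "READER:group-mygroup",
  "READER:allUsers",
  "WRITER:user-my.email@gmail.com",
  "READER",
];
for (const f of auditRoleEntity(sample)) {
  console.log(`${f.severity}\t${f.pair}\t${f.reason}`);
}
```

Failing the build on any finding whose severity is not "ok" keeps a public or malformed default ACL from reaching the bucket.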

Attributes Reference

Only the arguments listed above are exposed as attributes.

Import

This resource does not support import.