googleStorageObjectAcl

Authoritatively manages the access control list (ACL) for an object in a Google Cloud Storage (GCS) bucket. Removing a googleStorageObjectAcl sets the ACL to the private predefined ACL.

For more information see the official documentation and API.

Note: Want fine-grained control over object ACLs? Use googleStorageObjectAccessControl to control individual role entity pairs.

Example Usage

Create an object ACL with one owner and one reader.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleStorageBucketImageStore = new google.storageBucket.StorageBucket(
  this,
  "image-store",
  {
    location: "EU",
    name: "image-store-bucket",
  }
);
const googleStorageBucketObjectImage =
  new google.storageBucketObject.StorageBucketObject(this, "image", {
    bucket: googleStorageBucketImageStore.name,
    name: "image1",
    source: "image1.jpg",
  });
new google.storageObjectAcl.StorageObjectAcl(this, "image-store-acl", {
  bucket: googleStorageBucketImageStore.name,
  object: googleStorageBucketObjectImage.outputName,
  roleEntity: ["OWNER:user-my.email@gmail.com", "READER:group-mygroup"],
});

Argument Reference

  • bucket - (Required) The name of the bucket the object is stored in.

  • object - (Required) The name of the object to apply the ACL to.


  • predefinedAcl - (Optional) The "canned" predefined ACL to apply. Must be set if roleEntity is not.

  • roleEntity - (Optional) List of role/entity pairs in the form role:entity. See GCS Object ACL documentation for more details. Must be set if predefinedAcl is not.

Note: The object's creator always has owner permissions on the object, and any attempt to modify that permission returns an error. Instead, Terraform automatically adds that role/entity pair to your terraform plan results when it is omitted from your config; terraform plan shows the correct final state at every point except at create time, where the object role/entity pair is omitted if not explicitly set.
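One way to lint a roleEntity list before handing it to StorageObjectAcl, so that public grants and malformed pairs are caught before synthesis; this is an added example, not part of the provider documentation. The names auditRoleEntities and Finding and the severity levels are assumptions made for illustration; the accepted roles and entity forms follow the GCS object ACL documentation.

```typescript
// Added example: lint role:entity pairs before passing them to roleEntity.
// auditRoleEntities and Finding are hypothetical names, not provider APIs.
type Finding = { pair: string; severity: "error" | "warn"; message: string };

const OBJECT_ROLES = ["OWNER", "READER"]; // roles valid on an object ACL
const PUBLIC_ENTITIES = ["allUsers", "allAuthenticatedUsers"];
// user-<id|email>, group-<id|email>, domain-<domain>, project-<team>-<projectId>
const SCOPED_ENTITY = /^(user|group|domain)-\S+$|^project-(owners|editors|viewers)-\S+$/;

function auditRoleEntities(pairs: string[]): Finding[] {
  const findings: Finding[] = [];
  const seen: string[] = [];
  for (const pair of pairs) {
    const sep = pair.indexOf(":");
    const role = sep < 0 ? "" : pair.slice(0, sep);
    const entity = sep < 0 ? "" : pair.slice(sep + 1);
    if (OBJECT_ROLES.indexOf(role) < 0) {
      findings.push({ pair, severity: "error", message: "role must be OWNER or READER" });
      continue;
    }
    if (PUBLIC_ENTITIES.indexOf(entity) >= 0) {
      // Public read is flagged for review; public ownership is rejected outright.
      findings.push({ pair, severity: role === "OWNER" ? "error" : "warn",
        message: entity + " exposes the object beyond named principals" });
    } else if (!SCOPED_ENTITY.test(entity)) {
      findings.push({ pair, severity: "error", message: "unrecognised entity form" });
    }
    if (seen.indexOf(entity) >= 0) {
      findings.push({ pair, severity: "warn", message: "entity listed more than once" });
    }
    seen.push(entity);
  }
  return findings;
}

// Constructed sample input; the first two pairs are the ones from the example above.
const samplePairs = [
  "OWNER:user-my.email@gmail.com",
  "READER:group-mygroup",
  "READER:allUsers",
  "WRITER:user-someone@example.com",
  "READER:someone@example.com",
];
const sampleFindings = auditRoleEntities(samplePairs);
```

Because the resource is authoritative, the list that passes this check is the complete ACL: any grant not in it is removed on apply.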

Attributes Reference

Only the arguments listed above are exposed as attributes.

Import

This resource does not support import.