IAP in front of a load balancer pointing at a storage bucket


I have a cloud storage bucket serving static content. In front of that I have provisioned a load balancer which serves the static content over SSL. Is it possible to put an IAP in front of the load balancer to secure the content being served in the bucket?


Solution

  • [Edited, I was wrong, it's not ready yet]

    At the moment you can only attach IAP to a load balancer that's in front of App Engine, Kubernetes or Compute Engine backends. We're working on changing that, but it's not ready yet. Cloud storage buckets aren't yet available for IAP direct protection.

    If you put up a front-end using GAE, GKE or GCE you can then protect the content with IAP. And there's documentation to help.

    The How-to guide "Setting up a load balancer" should cover what you need to do to add IAP to your existing Load Balancer so you can restrict serving to only identities you choose. This will be useful if they have Google identities already, so you can say "Only my finance department can get access to this data" for example.

    If you want more detail about the IAP flow, check out the conceptual overview. IAP acts as a feature for the Load Balancer, extending it to be identity-aware (hence the name).
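
An added example, not part of the original answer or of Google's code: a front-end on GAE, GKE or GCE that serves the bucket content behind IAP can verify the signed header IAP attaches to each forwarded request, so traffic that reaches the front-end without passing through IAP is rejected. The header name, issuer and audience format are assumptions taken from Google's IAP documentation rather than from this page; the key pair, audience value, identity and token are constructed, and a real deployment would load Google's published IAP public keys instead.

```javascript
const crypto = require('node:crypto');

const IAP_HEADER = 'x-goog-iap-jwt-assertion'; // signed header IAP adds to forwarded requests
const IAP_ISSUER = 'https://cloud.google.com/iap';
// Constructed placeholder in the load-balancer backend audience format.
const SAMPLE_AUD = '/projects/123456789/global/backendServices/987654321';

const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// headers: lower-cased request headers; keys: Map of kid -> public KeyObject.
// Returns the caller's identity, or throws so the front-end can answer 401.
function verifyIapRequest(headers, keys, audience, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(headers[IAP_HEADER] || '').split('.');
  if (parts.length !== 3) throw new Error('missing or malformed assertion');
  const [h, p, s] = parts;
  const header = decode(h);
  if (header.alg !== 'ES256') throw new Error('unexpected alg'); // pin the algorithm
  const key = keys.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const claims = decode(p);
  if (claims.iss !== IAP_ISSUER) throw new Error('bad issuer');
  if (claims.aud !== audience) throw new Error('bad audience');
  // Allow 30 seconds of clock skew on both ends of the validity window.
  if (!(claims.iat <= nowSec + 30 && claims.exp > nowSec - 30)) throw new Error('token not current');
  return { email: claims.email, sub: claims.sub };
}

// Constructed sample: a locally generated P-256 key stands in for the IAP signing key.
function makeSample(overrides = {}, nowSec = 1700000000, alg = 'ES256') {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const claims = { iss: IAP_ISSUER, aud: SAMPLE_AUD, iat: nowSec, exp: nowSec + 600,
    email: 'analyst@example.com', sub: 'accounts.google.com:1234', ...overrides };
  const input = `${enc({ alg, typ: 'JWT', kid: 'k1' })}.${enc(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return { headers: { [IAP_HEADER]: `${input}.${sig.toString('base64url')}` },
    keys: new Map([['k1', publicKey]]) };
}

const demo = makeSample();
console.log(verifyIapRequest(demo.headers, demo.keys, SAMPLE_AUD, 1700000000));
```

The front-end should serve the bucket object only after `verifyIapRequest` returns, and treat any thrown error as an unauthenticated request.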