I wrote a Terraform file to create a Google Cloud Storage bucket whose objects are publicly readable. The bucket itself deploys, but I can't get the ACL from my template applied; I get errors for the ACL part.
# Configures the google-beta provider with the project taken from var.project.
# NOTE(review): the resources in this listing are google_* resources with no
# explicit `provider = "google-beta"` argument, so they presumably use the
# default "google" provider; confirm where that provider gets its project.
provider "google-beta" {
  project = "${var.project}"
}
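# Default object ACL for the bucket: objects uploaded afterwards without an
# explicit ACL inherit a READER grant for allUsers, i.e. anonymous,
# unauthenticated read access. Apply this only to buckets that are meant to
# serve public content.
# NOTE(review): object ACLs are rejected when uniform bucket-level access is
# enabled on the bucket; an IAM binding is needed in that case.
resource "google_storage_default_object_access_control" "public_rule" {
  # Must be an interpolated reference to the bucket resource, not a quoted
  # literal of the form "google_storage_bucket.<name>": a literal is sent to
  # the API verbatim as the bucket name and gives Terraform no dependency on
  # the bucket being created first.
  bucket = "${google_storage_bucket.bucket.name}"
  role   = "READER"
  entity = "allUsers"
}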
# The bucket that receives the public-read default object ACL.
# Bucket names live in a single global namespace, so deriving the name from
# the project id also discloses that id to anyone who can reach the bucket.
resource "google_storage_bucket" "bucket" {
  name     = "test-${var.project}"
  location = "US"

  # NOTE(review): the provider documentation lists storage classes in upper
  # case (e.g. STANDARD); confirm the lower-case spelling is accepted.
  storage_class = "standard"
}
If anyone can help me assign the permission at the time of bucket creation, I would be grateful.
The following setup resolved my issue:
# Configures the google-beta provider with the project taken from var.project.
# NOTE(review): none of the resources below set `provider = "google-beta"`,
# so they presumably run under the default "google" provider; confirm that
# provider is configured with the intended project as well.
provider "google-beta" {
  project = "${var.project}"
}
# Builds an IAM policy document with a single binding that grants
# roles/storage.objectViewer to allUsers (anyone, without authentication).
# That role covers listing objects as well as reading them, so anonymous
# callers can enumerate everything stored in a bucket this policy is attached
# to. If only direct reads of known object names are intended,
# roles/storage.legacyObjectReader grants get without list.
data "google_iam_policy" "viewer" {
  binding {
    role    = "roles/storage.objectViewer"
    members = ["allUsers"]
  }
}
# Attaches the policy document from data.google_iam_policy.viewer to the
# bucket. Despite the resource label "editor", the attached policy only
# carries the objectViewer binding.
#
# google_storage_bucket_iam_policy is authoritative: it replaces the bucket's
# entire IAM policy, so every binding not listed in policy_data is removed,
# including ones that administrators or pipelines rely on. Review the
# planned policy before applying; google_storage_bucket_iam_member adds a
# single member without touching the other bindings.
# NOTE(review): an organisation policy enforcing public access prevention
# would reject the allUsers binding; confirm that is not in effect.
resource "google_storage_bucket_iam_policy" "editor" {
  bucket      = "${google_storage_bucket.bucket.name}"
  policy_data = "${data.google_iam_policy.viewer.policy_data}"
}
# The bucket that the public objectViewer policy is attached to. Everything
# written to it becomes world-readable, so keep it dedicated to public
# content and do not reuse it for logs, backups or Terraform state.
resource "google_storage_bucket" "bucket" {
  name = "${var.project}-xxxx"

  # The "x" runs are placeholders left by the author; replace them with a
  # real location and storage class before use.
  location      = "xxxxxxx"
  storage_class = "xxxxx"
}