Bobcares

Private GCS Bucket Access through Google Cloud CDN | Guide

by | Nov 11, 2024

Private GCS Bucket Access through Google Cloud CDN refers to the configuration where we use Google Cloud CDN (Content Delivery Network) to serve content stored in a private Google Cloud Storage (GCS) bucket. At Bobcares, with our Google Cloud Platform Support Service, we can handle the issues.

Overview
  1. Private GCS Bucket Access through Google Cloud CDN
  2. Basic Concepts
  3. How to Set Up Private GCS Bucket Access with Cloud CDN?
  4. Benefits of Using Cloud CDN with a Private GCS Bucket
  5. Conclusion

Private GCS Bucket Access through Google Cloud CDN

The term “private GCS Bucket Access through Google Cloud CDN” describes a setup in which content stored in a private Google Cloud Storage (GCS) bucket is served via Google Cloud CDN (Content Delivery Network), guaranteeing that the content is cached and distributed globally, but only to authorized users or applications. Fine-grained access control and effective, safe, and high-performance content delivery are made possible by this configuration.


Basic Concepts

  • Google Cloud Storage (GCS) Buckets: GCS buckets are storage spaces in the cloud for storing data. They can be public (accessible to everyone) or private (restricted access).
  • Private Buckets: Only specific users or applications can access a private bucket. Access is controlled through Identity and Access Management (IAM) roles or by using special links called signed URLs.
  • Google Cloud CDN: Google Cloud CDN is a service that speeds up content delivery by caching data closer to users through Google’s global network.
  • Using CDN with GCS Buckets: Pairing Google Cloud CDN with a GCS bucket helps deliver files like images or videos quickly, from locations closer to users.

Private GCS Bucket and CDN: With private GCS buckets, direct access is limited. To allow the CDN to deliver content while keeping it private, access is managed using IAM roles, signed URLs, or signed cookies. This setup lets the CDN cache content without compromising the bucket’s privacy.

How to Set Up Private GCS Bucket Access with Cloud CDN?

1. Create a Private GCS Bucket

i. Set up the GCS bucket as private (no public access).

ii. Remove public access grants to enforce privacy. The command below removes the objectViewer binding for allUsers:

gsutil iam ch -d allUsers:objectViewer gs://your-private-bucket

iii. Use IAM policies or signed URLs to control access to objects.

2. Set Up Cloud CDN with a Load Balancer

i. Create a backend bucket that points to the private GCS bucket:

gcloud compute backend-buckets create [BACKEND_BUCKET_NAME] --gcs-bucket-name=your-private-bucket

ii. Enable CDN on the backend bucket to cache content at Google’s edge locations:

gcloud compute backend-buckets update [BACKEND_BUCKET_NAME] --enable-cdn

3. Authenticate CDN Requests with Signed URLs or Cookies

Signed URLs: Generate a URL that grants temporary access to a specific object. In the command below, -d 10m limits the URL's validity to 10 minutes:

gsutil signurl -d 10m [PRIVATE_KEY_FILE] gs://your-private-bucket/your-object

Signed Cookies: For authorizing access to multiple objects or a range of content.

4. Control Access via IAM

Give the Load Balancer’s service account permission to view objects:

gsutil iam ch serviceAccount:[LOAD_BALANCER_SERVICE_ACCOUNT]:roles/storage.objectViewer gs://your-private-bucket

5. Testing and Validation

i. Test the setup by accessing the signed URL or using signed cookies.

ii. Ensure that unauthorized requests are denied, while valid signed URLs/cookies grant access.
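
The signed-URL check from steps 3 and 5, as an added example that is not part of the original article: Cloud CDN validates its own URL format at the edge (Expires, KeyName and Signature query parameters, with an HMAC-SHA1 over everything before Signature, keyed by a key registered on the backend bucket), which is distinct from the Cloud Storage URL that gsutil signurl produces. The code signs a URL in that format and runs a local model of the validation; the key, key name and hostname are constructed, and verify_url is a hypothetical helper, not Google's implementation.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, urlsplit

# Constructed values: a real key is 16 random bytes, base64url-encoded, and is
# registered on the backend bucket under KEY_NAME. Never hard-code a real key.
KEY_NAME = "example-key"
KEY_B64 = base64.urlsafe_b64encode(bytes(range(16))).decode()
KEYS = {KEY_NAME: KEY_B64}


def _signature(url_to_sign: str, key_b64: str) -> str:
    """base64url(HMAC-SHA1(key, url_to_sign))."""
    key = base64.urlsafe_b64decode(key_b64)
    digest = hmac.new(key, url_to_sign.encode(), hashlib.sha1).digest()
    return base64.urlsafe_b64encode(digest).decode()


def sign_url(url: str, key_name: str, key_b64: str, expires: int) -> str:
    """Append Expires, KeyName and Signature; the MAC covers all that precedes Signature."""
    sep = "&" if urlsplit(url).query else "?"
    to_sign = f"{url}{sep}Expires={expires}&KeyName={key_name}"
    return f"{to_sign}&Signature={_signature(to_sign, key_b64)}"


def verify_url(signed: str, keys: dict, now: int) -> str:
    """Local model of the edge check (assumption): 'ok' or the rejection reason."""
    to_sign, marker, sig = signed.rpartition("&Signature=")
    if not marker:
        return "unsigned"
    params = dict(parse_qsl(urlsplit(to_sign).query))
    key_b64 = keys.get(params.get("KeyName", ""))
    if key_b64 is None:
        return "unknown key"
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(sig.encode(), _signature(to_sign, key_b64).encode()):
        return "bad signature"
    # Expires is trusted only after the MAC over it has been verified.
    if not params.get("Expires", "").isdigit() or int(params["Expires"]) <= now:
        return "expired"
    return "ok"


if __name__ == "__main__":
    t = 1_700_000_000  # constructed "current time" (Unix seconds)
    u = sign_url("https://cdn.example.com/media/video.mp4", KEY_NAME, KEY_B64, t + 600)
    print(u, verify_url(u, KEYS, t), verify_url(u, KEYS, t + 601))
```

Changing the path, the expiry or the key name after signing invalidates the signature, which is the behaviour step 5 asks you to confirm against the live endpoint.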

Benefits of Using Cloud CDN with a Private GCS Bucket

  • Google Cloud CDN speeds up content delivery by storing copies of the files (like images and videos) at locations closer to users, reducing delay.
  • Keeping the GCS bucket private means only approved users can access the content, even when served through the CDN. Temporary access is granted through signed URLs or cookies.
  • This setup can handle large numbers of users worldwide without losing speed or security.
  • By caching popular files, Cloud CDN reduces the load on the GCS bucket, helping lower data transfer and storage costs.


Conclusion

To sum up, the article offers the steps to set up Private GCS Bucket Access with Cloud CDN. Our Tech team can always offer additional help with your Private GCS Bucket Access through Google Cloud CDN.
