Granting Access to Google Cloud Storage Objects with Signed URLs

Lab Steps

lock
Signing In to the Google Cloud Console
lock
Authenticating gcloud in the Lab's Virtual Machine
lock
Creating a Service Account Key using gcloud
lock
Creating a Signed URL for Cloud Storage Objects

The hands-on lab is part of these learning paths

Ready for the real environment experience?

DifficultyIntermediate
Time Limit45m
Students513
Ratings
4.5/5
starstarstarstarstar-half

Description

Signed URLs are URLs with query string authentication parameters that grant access to buckets and objects stored in Google Cloud Storage. Signed URLs grants access to Cloud Storage for a given amount of time. Anyone with the signed URL can access the objects until the signed URL expires. This is particularly useful for granting access to individuals outside of your organization.

In this Lab, you will learn the mechanics of creating signed URLs using the gcloud CLI. You will also fully understand the capabilities and limitations of signed URLs.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Explain when signed URLs are the right choice among the alternatives for granting access to Google Cloud Storage object
  • Understand the requirements for generating signed URLs
  • Use signed URLs to grant access to Google Cloud Storage objects for a limited time
  • Revoke access to Google Cloud Storage objects accessed via a signed URL
  • Debug common issues related to creating signed URLs

Lab Prerequisites

You should be familiar with:

  • Working at the command line in Linux
  • Managing Google Cloud Storage resources with gsutil

The following Labs are recommended for satisfying the prerequisites:

Updates

September 9th, 2021 - Update the VM's Debian host version

September 9th, 2019 - Lab content updated to reflect the latest gsutil experience

Environment before
PREVIEW
arrow_forward
Environment after
PREVIEW
About the Author
Students107861
Labs176
Courses9
Learning paths29

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.