Granting Access to Google Cloud Storage Objects with Signed URLs

Ready for the real environment experience?



Lab Overview

Signed URLs are URLs with query string authentication parameters that grant access to buckets and objects stored in Google Cloud Storage. Signed URLs grants access to Cloud Storage for a given amount of time. Anyone with the signed URL can access the objects until the signed URL expires. This is particularly useful for granting access to individuals outside of your organization.

In this Lab, you will learn the mechanics of creating signed URLs using the gcloud CLI. You will also fully understand the capabilities and limitations of signed URLs.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Explain when signed URLs are the right choice among the alternatives for granting access to Google Cloud Storage object
  • Understand the requirements for generating signed URLs
  • Use signed URLs to grant access to Google Cloud Storage objects for a limited time
  • Revoke access to Google Cloud Storage objects accessed via a signed URL
  • Debug common issues related to creating signed URLs

Lab Prerequisites

You should be familiar with:

  • Working at the command line in Linux
  • Managing Google Cloud Storage resources with gsutil

The following Labs are recommended for satisfying the prerequisites:

Environment before
Environment after

About the Author

Learning paths3

Logan has been involved in software development and research for over eleven years, including six years in the cloud. He is an AWS Certified DevOps Engineer - Professional, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, and Certified Kubernetes Administrator (CKA). He earned his Ph.D. studying design automation and enjoys all things tech.