Granting Access to Google Cloud Storage Objects with Signed URLs
Signed URLs are URLs with query string authentication parameters that grant access to buckets and objects stored in Google Cloud Storage. Signed URLs grants access to Cloud Storage for a given amount of time. Anyone with the signed URL can access the objects until the signed URL expires. This is particularly useful for granting access to individuals outside of your organization.
In this lab, you will learn the mechanics of creating signed URLs using the gcloud CLI. You will also fully understand the capabilities and limitations of signed URLs.
Lab Objectives
Upon completion of this lab you will be able to:
- Explain when signed URLs are the right choice among the alternatives for granting access to Google Cloud Storage object
- Understand the requirements for generating signed URLs
- Use signed URLs to grant access to Google Cloud Storage objects for a limited time
- Revoke access to Google Cloud Storage objects accessed via a signed URL
- Debug common issues related to creating signed URLs
Lab Prerequisites
You should be familiar with:
- Working at the command line in Linux
- Managing Google Cloud Storage resources with
gsutil
The following labs are recommended for satisfying the prerequisites:
Updates
September 9th, 2021 - Update the VM's Debian host version
September 9th, 2019 - Lab content updated to reflect the latest gsutil experience
Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.