Google cloud bucket verify domain - google-cloud-platform

My Google account has been added to another Google Cloud Platform account. I want to create a simple static website on the cloud, so I have been following this: https://cloud.google.com/storage/docs/hosting-static-website
I need to create a bucket with the name of the domain. It states you need to be the owner of the domain and you verify with Webmaster Tools, which is fine. I own the domain on the Google account I was added with. I have then added the Google account email address which I have been added to, but every time I go to create the bucket it still says I need to verify it! Does the domain need to be verified by the prime cloud account? Or is this just a cache thing? Or am I doing something else wrong!?

I had the site added as https within Google Search Console, and static sites hosted in buckets don't support SSL!

Related

Google Cloud : How to connect the google cloud storage to cloud CDN without making the bucket public?

I'm configuring Google Cloud CDN with Google Cloud Storage, following this article:
https://cloud.google.com/cdn/docs/setting-up-cdn-with-bucket#make_your_bucket_public
In my experience with AWS, an S3 bucket can allow read permission only for its CDN (CloudFront).
I wonder if GCP also has a similar feature.
Following the above article, I let 'allUsers' read the bucket, but I don't want to give read permission to all users, only to Cloud CDN.
I've checked the IAM documents but couldn't find it.
Please help me.
Cloud Storage Bucket allow the read permission only for Cloud CDN, not all users.
I don't want to make my bucket public.
The reason I ask whether you would consider restricting access by IP address is that I've checked this link, wherein you can limit access by using the IP address.
Another link that I can share is signed URL; however, based on the link, "signed URLs give time-limited resource access to anyone in possession of the URL" and "signed URL is a URL that provides limited permission and time to make a request", so I believe this one is time limited.
One thing that I can also think of is to use IAM with buckets, wherein you can set the permission you want for a certain user. For more information and configuration of this feature you can also visit this site
Google recently released in public beta the v4 token signing process to support private origins. In this case, you can use the new v4 token signing process to access a private GCS bucket. One of my colleagues wrote a blog post with directions on how to do this: https://medium.com/@thetechbytes/private-gcs-bucket-access-through-google-cloud-cdn-430d940ebad9

Google Cloud Platform - Resource of type "Organisation"

I wanted to set up my Cloud Identity but it's asking me to verify the domain that is already hosted on GCP. Can you help me with Cloud Identity setup with a proper organisation created (today it's named "No Organisation")? I'm the admin for this account DOMAIN: we host our corporate website on GCP with the domain already registered with DNS services in Google.
On the GCP Identity page it's also giving me the following message.
Your current account, k*****.***a@DOMAIN.NL, is not associated with an organization on Google Cloud. This checklist is designed for administrators who are trusted with complete control over a company’s Google Cloud resources. If you already have an administrator account for your organization, sign in with the account now. Or, ask your company administrator to start the checklist.
I guess I'm stuck in a Chicken-n-Egg problem.
You need to create a Google Workspace account. Create it on your domain DOMAIN.NL, with you as 1st admin user and with a subscription plan or not (in my case, I wasn't able to remove the 15 days of trial; get it, and you will be able to remove the trial subscription later, in the user list on the admin.google.com Workspace console). You are able to create your org for free, but it's absolutely not clear!!
From the new user account that you have created on your Workspace domain (you@DOMAIN.NL), you will be able to reach the console (console.cloud.google.com) and you have your org.
Now you need to migrate the projects and to review the authorization. You also need to (re)create a Billing Account.
I didn't find another way to achieve this.

How to encrypt/hide google cloud bucket name in signed URL

I would like to upload an image to a Google Cloud Storage bucket; for that I generated a signed URL which would be passed to the client for upload. I observed that the Google Cloud bucket name is exposed in the signed URL.
https://storage.googleapis.com/myproject-images/test.PNG?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=3242342308700-compute%40developer.gserviceaccount.com%2F20200430%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20200430T044803Z&X-Goog-Expires=900&X-Goog-SignedHeaders=host&X-Goog-Signature=*********************
My question: Is it possible to encrypt/map or hide the Google Cloud bucket in the signed URL? I do not want to expose my bucket name to the end user.
It's not possible, if you want the client to directly access that data. You could obfuscate it by using a URL shortener, but all that would do is hide it from view temporarily.
Once you choose to allow clients to access your project directly, your project id is no longer private information. That ID is absolutely required in order to identify resources within your project (and not just Cloud Storage). The same is true for all Firebase-related client access that goes directly to Google Cloud and Firebase products.
If you don't want anyone to see the name of your project, you will either:
- Disallow all direct client access
- Route all requests through some middleware service identified by another DNS name that hides all the implementation details of the interaction with Google Cloud products.
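The second option in the answer above, sketched as an added example (not code from the original answer or from Google): the middleware hands the client an opaque, HMAC-signed upload ticket and resolves it to the bucket and object name on the server side, so no bucket name or service account appears in anything the client sees. The key, the `uploads/` prefix, the size limit and the `store` callable that performs the actual Cloud Storage write are assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this sketch; they exist only on the middleware host.
TOKEN_KEY = b"constructed-demo-key"
PRIVATE_BUCKET = "myproject-images"   # bucket name from the question's URL
MAX_BYTES = 5 * 1024 * 1024

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_upload_token(upload_id, ttl=900, now=None):
    """Opaque, expiring ticket given to the client instead of a signed URL."""
    exp = int((now or time.time()) + ttl)
    body = json.dumps({"id": upload_id, "exp": exp}).encode()
    tag = hmac.new(TOKEN_KEY, body, hashlib.sha256).digest()
    return b64e(body) + "." + b64e(tag)

def resolve_upload(token, size, now=None):
    """Return (bucket, object_name) for a valid ticket, else None."""
    try:
        body_part, tag_part = token.split(".")
        body, tag = b64d(body_part), b64d(tag_part)
    except ValueError:                      # wrong shape or bad base64
        return None
    expected = hmac.new(TOKEN_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before parsing the body
        return None
    claims = json.loads(body)
    if claims["exp"] < (now or time.time()) or not 0 < size <= MAX_BYTES:
        return None
    if not claims["id"].isalnum():          # refuse '/', '..' and similar in the key
        return None
    return PRIVATE_BUCKET, "uploads/" + claims["id"]

def handle_upload(token, data, store, now=None):
    """Body of the middleware's upload endpoint; returns an HTTP status.
    store(bucket, name, data) is a hypothetical server-side Cloud Storage write."""
    target = resolve_upload(token, len(data), now)
    if target is None:
        return 403
    store(*target, data)
    return 201
```

The trade-off is that upload traffic now flows through the middleware, which is why the size limit is enforced there before anything is written.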

User unable to remember google console login details

I created a google cloud instance for a client and handed over the details to them but now, they don't know the google console email address. They know the IP because the app deployed there is still running. It may be time to pay soon and not knowing the console detail means they will not be able to pay.
Is there a way to get the details from the IP address of the console instance?
Without being able to login to the Google Cloud Console, you will have problems.
Note: I am listing contact Google Support as a last example because you do not have paid Google Support. Google Support only offers billing question support for free. Since you cannot sign into the Google Cloud Console, you cannot sign up to pay for support. However, losing your login might qualify as billing support since you need to pay for your services to keep them running.
Techniques:
- If you have access to a computer that has logged into the Google Cloud Console, try. A list of Google Accounts will be displayed to choose from. No guarantee, but usually people do not delete old accounts from Google Accounts. Try each one to access the Google Console. If you / they have forgotten the password, go through the lost password process.
- When you sign up for Google Cloud, emails are sent to the account email address. Have everyone do a search for Google Cloud. My welcome email came from CloudPlatform-noreply@google.com.
- If you have created a Service Account, the JSON file will have the Project ID. This is globally unique and Google could look up the account holder and send that person an email. Contact Google Support in this case.
- If you have a system that you set up the gcloud tools on for this project, run the command gcloud auth list. This will display the authenticated accounts. Usually one of them is a Google Accounts account that can log in to the Google Console.
- Google Support can map the public IP address to an account. Contact Google Support in this case.

How do you signup for Cloud Identity for Google Cloud Platform when you already signed up for Google Cloud Platform?

At my company we want to start hosting our applications on Google Cloud Platform, so I signed up, which asked me to create a Google Account, so I used my business email address pablo.fernandez@example.com to do so. But now it looks like this is an organization-less account. When I try to sign up for Cloud Identity, so that we can have an organization and other users in the GCP account, I get this error:
Does GCP require me to sign up with a temporary throwaway email so I can set it up correctly? In any case, how do I move forward from here?
Although Cloud identity is a separate service from G Suite, most probably the same rules apply when managing users: https://support.google.com/a/answer/7044710?hl=en
Before you add users to your organization's Google domain, you should check if they have a personal Google Account with the same email address that you plan to use for their managed Google Account. Two accounts can’t share the same email address. If they do, you have 2 options:
Option 1: Invite your users to transfer or rename their existing account (using a tool in the Google Admin console).
Option 2: Require users to rename their existing account.
Learn more about conflicting accounts.
I believe it is because ultimately they are all "Google accounts"; it's just that G Suite and Cloud Identity accounts belong to an Organization.