Permissions

IAM roles and permission

To use Google Cloud Storage as backup storage in the GitProtect service, it is recommended that the GCS user either has the Identity and Access Management (IAM) role of Storage Admin (roles/storage.admin, which grants full control of buckets and objects) or uses a service account with the minimal permission set:

  • storage.objects.list

  • storage.objects.get

  • storage.objects.create

  • storage.objects.delete

Find more details about permissions on the Google Cloud Storage official site:

Support for Immutable Storage

If you want to use Immutable Storage, the following additional permissions are required:

  • s3:GetBucketObjectLockConfiguration - required to read the Object Lock configuration.

  • s3:GetBucketVersioning - required to read the versioning configuration.

Remember that the Immutable Storage configuration is available only when creating a new bucket; there is no option to enable Immutable Storage on an already existing bucket!

Retention and/or versioning enabled for the bucket may result in additional data being stored. It is recommended that the retention period in GitProtect be longer than the one set for the storage; otherwise, the storage may become overloaded!

A bucket with retention enabled cannot be used as storage for GitProtect.

These two permissions must be added to the Action section of the bucket policy; after the change, the section must look like the one below:

"Action": [
    "s3:ListBucket",
    "s3:GetObject",
    "s3:PutObject",
    "s3:DeleteObject",
    "s3:GetBucketVersioning",
    "s3:GetBucketObjectLockConfiguration"
],

More details about how to create or edit a bucket policy are available in the Google Cloud Storage documentation: Adding a bucket policy
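As an added check (example code, not part of the GitProtect documentation or product), the following Python snippet compares a bucket policy document against the minimal action set above: it reports actions that are still missing and anything granted beyond that set, including wildcards such as "s3:*" that exceed least privilege. The sample policy, its placeholder principal and its placeholder resource are constructed for this example.

```python
import json
from fnmatch import fnmatchcase

# Minimum actions the page lists for the GitProtect bucket policy.
BASE_ACTIONS = {"s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"}
# Read-only actions required only when the bucket uses Immutable Storage.
IMMUTABLE_ACTIONS = {"s3:GetBucketVersioning", "s3:GetBucketObjectLockConfiguration"}


def granted_actions(policy):
    """Collect every Action from the policy's Allow statements."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may appear unwrapped
        statements = [statements]
    granted = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        action = stmt.get("Action", [])
        granted.update([action] if isinstance(action, str) else action)
    return granted


def check_policy(policy_text, immutable=False):
    """Compare a policy document (JSON text) against the minimal action set.

    Returns (missing, excess): actions still needed, and actions granted beyond
    the minimal set. A wildcard such as "s3:*" covers the required actions, so it
    does not show up as missing, but it is reported as excess because it grants
    far more than GitProtect needs.
    """
    granted = granted_actions(json.loads(policy_text))
    required = BASE_ACTIONS | (IMMUTABLE_ACTIONS if immutable else set())
    allowed = BASE_ACTIONS | IMMUTABLE_ACTIONS
    missing = {a for a in required if not any(fnmatchcase(a, g) for g in granted)}
    excess = granted - allowed
    return missing, excess


# Constructed sample policy; principal and resource are placeholders, not real values.
SAMPLE_POLICY = json.dumps({
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "<service-account-placeholder>"},
        "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        "Resource": ["<bucket-resource-placeholder>"],
    }],
})

if __name__ == "__main__":
    # Immutable Storage requested: the two Object Lock read actions are reported missing.
    print(check_policy(SAMPLE_POLICY, immutable=True))
```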
