This lesson brings together the key best practices for using Cloud Storage in production. Following these guidelines will help you build secure, cost-efficient, reliable, and well-managed object storage architectures on Google Cloud.
Enable uniform bucket-level access on all new buckets so that ACLs are disabled and IAM alone governs access. This simplifies access management and makes it easier to audit:

```shell
gcloud storage buckets update gs://my-bucket --uniform-bucket-level-access
```
Unless your bucket specifically needs to serve public content, enforce public access prevention:

```shell
gcloud storage buckets update gs://my-bucket --public-access-prevention
```
Grant the most restrictive role that meets the need:
| Need | Role |
|---|---|
| Read objects | roles/storage.objectViewer |
| Upload objects | roles/storage.objectCreator |
| Read + write + delete objects | roles/storage.objectAdmin |
| Full bucket management | roles/storage.admin |
Never embed user credentials in application code. Use attached service accounts on GCP resources (VMs, Cloud Functions, Cloud Run) and Workload Identity Federation for external systems.
```shell
gcloud storage buckets update gs://sensitive-bucket \
  --default-encryption-key=projects/my-project/locations/europe-west2/keyRings/my-ring/cryptoKeys/my-key
```
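To check an existing bucket against the guidelines above (uniform bucket-level access, public access prevention, least-privilege roles from the table, and a default CMEK key), here is an added example that is not part of the lesson: it audits a bucket resource together with its IAM policy and returns a list of findings. It assumes the field names of the Cloud Storage JSON API bucket resource (`iamConfiguration.uniformBucketLevelAccess.enabled`, `iamConfiguration.publicAccessPrevention`, `encryption.defaultKmsKeyName`) and a standard IAM policy document with `bindings`; the sample buckets and policies are constructed.

```python
# Principals that make a bucket readable by anyone, or by any Google account.
PUBLIC_PRINCIPALS = ("allUsers", "allAuthenticatedUsers")
# The least-privilege roles from the table above; any broader storage role is flagged.
LEAST_PRIVILEGE_ROLES = {
    "roles/storage.objectViewer",
    "roles/storage.objectCreator",
    "roles/storage.objectAdmin",
    "roles/storage.admin",
}
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

def audit_bucket(bucket: dict, policy: dict) -> list[str]:
    # Returns one finding per violated guideline; an empty list means the bucket complies.
    findings: list[str] = []
    iam_cfg = bucket.get("iamConfiguration", {})
    if not iam_cfg.get("uniformBucketLevelAccess", {}).get("enabled", False):
        findings.append("ACLs still enabled: turn on uniform bucket-level access")
    if iam_cfg.get("publicAccessPrevention") != "enforced":
        findings.append("public access prevention is not enforced")
    if not bucket.get("encryption", {}).get("defaultKmsKeyName"):
        findings.append("no default CMEK key set on the bucket")
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                findings.append(f"{member} is granted {role}")
        if role in BASIC_ROLES or (role.startswith("roles/storage.")
                                   and role not in LEAST_PRIVILEGE_ROLES):
            findings.append(f"{role} is broader than the least-privilege roles")
    return findings

# Constructed sample data, not real buckets: one that breaks the guidelines, one that follows them.
WEAK_BUCKET = {
    "name": "my-bucket",
    "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": False},
                         "publicAccessPrevention": "inherited"},
}
WEAK_POLICY = {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.legacyBucketOwner", "members": ["user:alice@example.com"]}]}
HARDENED_BUCKET = {
    "name": "sensitive-bucket",
    "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": True},
                         "publicAccessPrevention": "enforced"},
    "encryption": {"defaultKmsKeyName": "projects/my-project/locations/europe-west2/"
                                        "keyRings/my-ring/cryptoKeys/my-key"},
}
HARDENED_POLICY = {"bindings": [{"role": "roles/storage.objectCreator",
    "members": ["serviceAccount:uploader@my-project.iam.gserviceaccount.com"]}]}
```

Feed it the JSON describing a real bucket and its IAM policy, and a non-empty result lists the settings still to fix.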