Setting up Instance Identity for SFTP Gateway
Overview
This article goes over how to set up SFTP Gateway with an Instance's Service Account, otherwise known as an Instance Identity. Cloud Connections can then use this Identity instead of a JSON Key File.
Configure API & Identity Management
In order for your VM to have full access to Cloud Storage by default, you will need to grant your instance's service account Full permission to Google Cloud Storage. This can be accomplished by configuring the API and identity management settings on your VM.
First, you will need to Stop your VM, as you cannot change the identity management settings while the instance is running.
Once your instance has been stopped, under the Details tab, click Edit.
Scroll down until you see the Identity and API access section.
Under Access scopes, select the Set access for each API radio button.
The API you want to configure is the Storage API. Set this value to Full. This will grant your instance all the necessary permissions to Google Cloud Storage.
Click Save to confirm your changes, and then Start the instance up again.
Configure your Cloud Connection
Now that your VM has the necessary permissions to Google Cloud Storage, you will be able to select Use Instance's Service Account for your Cloud Connection Credentials.
To verify you have the correct permissions, you can use the Test Connection button.
If Test Connection doesn't return 3 green checkmarks, check that the Service Account of the instance has the necessary permissions to Google Cloud Storage.
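If Test Connection fails, one way to confirm from the VM that the Storage API scope was actually saved as Full is to read the instance's access scopes from the metadata server. The script below is an added example, not part of SFTP Gateway or the original article; the function names, variable names and sample scope lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the Cloud Storage access level that the VM's access
# scopes allow. Function and variable names are illustrative.

# Metadata-server endpoint; reachable only from inside a Compute Engine VM.
SCOPES_URL="http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes"

# Fetch the scopes of the instance's service account, one URL per line.
fetch_scopes() {
  curl -sf -H "Metadata-Flavor: Google" "$SCOPES_URL"
}

# Read scope URLs on stdin; print none, read_only, read_write or full.
storage_scope_level() {
  level="none"
  while IFS= read -r scope || [ -n "$scope" ]; do
    case "$scope" in
      */auth/cloud-platform|*/auth/devstorage.full_control)
        level="full" ;;
      */auth/devstorage.read_write)
        if [ "$level" != "full" ]; then level="read_write"; fi ;;
      */auth/devstorage.read_only)
        if [ "$level" = "none" ]; then level="read_only"; fi ;;
    esac
  done
  echo "$level"
}

# Constructed sample: a VM whose Storage API scope is still Read Only.
SAMPLE_DEFAULT='https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring.write'

# Constructed sample: the same VM after Storage is set to Full.
SAMPLE_FULL='https://www.googleapis.com/auth/devstorage.full_control
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring.write'

if [ "${1:-}" = "--live" ]; then
  result=$(fetch_scopes | storage_scope_level)
else
  result=$(printf '%s\n' "$SAMPLE_DEFAULT" | storage_scope_level)
fi
echo "Storage access allowed by scopes: $result"
if [ "$result" != "full" ]; then
  echo "Storage API scope is not Full; stop the VM and edit its access scopes."
fi
```

Run it with `--live` on the VM itself; without the flag it evaluates the constructed sample. Access scopes only cap what the instance's token can request, so the service account still needs an IAM role that grants access to the bucket.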