Setting up Instance Identity for SFTP Gateway
This article goes over how to set up SFTP Gateway with an Instance's Service Account, otherwise known as an Instance Identity. Cloud Connections can then use this Identity instead of a JSON Key File.
Configure API & Identity Management
In order for your VM to have Read/Write access by default, you will need to grant your instance's service account Read Write permission to Google Cloud Storage. This can be accomplished by configuring the API and identity management settings on your VM.
First, you will need to Stop your VM, as you cannot change the identity management settings while the instance is running.
Once your instance has been stopped, under the Details tab, click Edit.
Scroll down until you see the Identity and API access section.
Under Access scopes, select the Set access for each API radio button.
The API you want to configure is the Storage API. Set this value to Read Write. This will grant your instance Read/Write permissions to Google Cloud Storage.
Click Save to confirm your changes, and then Start the instance up again.
Configure your Cloud Connection
Now that your VM has the necessary permissions to Google Cloud Storage, you will be able to select Use Instance's Service Account for your Cloud Connection Credentials.
To verify you have the correct permissions, you can use the Test Connection button.
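The access scope set above can also be checked from the VM itself. The script below is an added example, not part of SFTP Gateway or the original article: it reads the instance's scopes from the Compute Engine metadata server and reports the Cloud Storage access they allow. The function names are hypothetical and the sample scope list is constructed.

```shell
#!/bin/sh
# Added example: function names are hypothetical; scope URLs are Google's
# published OAuth scopes; SAMPLE_SCOPES is constructed for illustration.

METADATA_URL="http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes"

# Fetch the VM's access scopes (one URL per line) from the metadata server.
# This only works when run on the Compute Engine instance itself.
fetch_scopes() {
    curl -sf -H "Metadata-Flavor: Google" "$METADATA_URL"
}

# Read scope URLs on stdin and print the strongest Cloud Storage access found:
#   full       - cloud-platform or devstorage.full_control (broader than needed)
#   read_write - the setting this article configures
#   read_only  - uploads through the Cloud Connection would fail
#   none       - no Storage scope at all
storage_access_level() {
    level=none
    while IFS= read -r scope || [ -n "$scope" ]; do
        case "$scope" in
            */auth/cloud-platform|*/auth/devstorage.full_control)
                level=full ;;
            */auth/devstorage.read_write)
                if [ "$level" != full ]; then level=read_write; fi ;;
            */auth/devstorage.read_only)
                if [ "$level" = none ]; then level=read_only; fi ;;
        esac
    done
    echo "$level"
}

# Constructed sample of what the metadata server returns after the change.
SAMPLE_SCOPES="https://www.googleapis.com/auth/devstorage.read_write
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring.write"

# Offline demonstration on the sample; on the VM use:
#   fetch_scopes | storage_access_level
printf '%s\n' "$SAMPLE_SCOPES" | storage_access_level
```

Access scopes only limit what the service account's IAM roles already allow, so a `read_write` result still needs a matching Storage role on the service account for Test Connection to pass. A result of `full` means the instance carries a broader scope than this article's Read Write setting.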