Using your own Cloud Storage Bucket
Overview
For the Single User Plan, files are saved in an S3 bucket in our environment by default. However, you may want to use your own specific cloud storage location, such as Google Cloud Storage.
To accomplish this, SFTP Gateway needs permission to your Cloud Storage Bucket. This is achieved through a Service Account created specifically for your Cloud Storage Bucket.
You will take the following steps:
- Create a Service Account
- Grant permissions to the Service Account on your bucket
- Export the Service Account credentials to a JSON key
Through the use of the JSON key, SFTP Gateway has the same level of access to your Cloud Storage Bucket as the Service Account.
This article walks you through this process.
Create a Service Account
First, you will create a Service Account.
Go to IAM & Admin --> Service Accounts --> +Create Service Account
There is no need to configure any Roles at this point (permissions will be configured at a later step). Keep accepting the defaults until the Service Account is created.
Make sure to copy the Email of your newly created Service Account, as it is needed in a later step.
For example, the email of my Service Account was:
bryce-account@sftp-gateway.iam.gserviceaccount.com
Configure permissions for your bucket
There are two approaches for assigning permissions to a Service Account.
- You can grant access directly to a Service Account. This approach works well for granting broad access, such as permission to all Google Storage buckets.
- From an individual bucket, you can add the Service Account as a principal. This approach works if you want to limit permissions to a single bucket.
In this scenario, we will use the latter approach.
First, navigate to Cloud Storage and find your bucket.
Then, click on the Permissions tab.
Click + Grant Access. You will see the following pane open on the right.
Under New principals, enter the Email of the Service Account you created earlier.
Under Role, select Storage Admin. This grants Storage Admin access to that specific bucket.
Click Save after configuring the principal and role.
Download the credentials (JSON key file)
In this section, you will download credentials for your Service Account in the form of a JSON key.
Navigate back to your Service Account by going to: IAM & Admin --> Service Accounts --> Your Service Account.
Once you have opened your Service Account, go to the Keys tab and click Add Key --> Create New Key.
When prompted, choose JSON as the Key type, and click Create.
You should now have the JSON key file saved to your local filesystem.
Sending your Information to Support
To configure the custom connection to your Cloud Storage Bucket, we will need a few pieces of information, such as:
- The name of your SFTP User
- The name of your Bucket
- The JSON key for your Service Account
With this information, we will be able to create a Cloud Connection pointing towards your Cloud Storage Bucket and configure your SFTP user to use this connection.
This way, when you connect to the server, you will see your own files and folders located in your Bucket.
So, feel free to send us a message at support@thorntech.com that might look something like this:
Hello support,
I would like my SFTP user to connect to our own Cloud Storage Bucket.
Here is the required information:
SFTP User name: bryce-wagner
Bucket Name: dysprosium
The JSON key is attached to this message.
Please let us know when our SFTP user has been updated.
Thanks,
Bryce
Note: Make sure to change the required information to match your own values, and to send us the JSON key file for your bucket.