Configure a Service Account
Overview
In order to function properly, SFTP Gateway needs permission to access Google Storage. This is accomplished through a Service Account:
- Grant permissions to a Service Account
- Export the Service Account credentials to a JSON key
- Import the JSON key into an SFTP Gateway Cloud Connection
Through the use of the JSON key, SFTP Gateway has the same level of access to Google Storage as the Service Account.
Create a Service Account
First, you will create a Service Account.
Go to IAM & Admin --> Service Accounts --> +Create Service Account
There is no need to configure any Roles at this point (permissions will be configured at a later step). Keep accepting the defaults until the Service Account is created.
Make sure to copy the Email of your newly created Service Account as it is needed in a later step.
For example, the email of my Service Account was:
bryce-account@sftp-gateway.iam.gserviceaccount.com
Configure permissions for your bucket
There are two approaches for assigning permissions to a Service Account.
- You can grant access directly to a Service Account. This approach works well for granting broad access, such as permission to all Google Storage buckets.
- From an individual bucket, you can add the Service Account as a principal. This approach works if you want to limit permissions to a single bucket.
In this scenario, we will use the latter approach.
First, navigate to Cloud Storage and find your bucket.
Then, click on the Permissions tab.
Click + Grant Access. You will see the following pane open on the right.
Under New principals, enter the Email of the Service Account you created earlier.
Under Role, select Storage Admin. This grants Storage Admin access to that specific bucket.
Click Save after configuring the principal and role.
Download the credentials (JSON key file)
In this section, you will download credentials for your Service Account in the form of a JSON key.
Navigate back to your Service Account by going to: IAM & Admin --> Service Accounts --> Your Service Account.
Once you have opened your Service Account, go to the Keys tab and click Add Key --> Create New Key.
When prompted, choose JSON as the Key type, and click Create.
You should now have the JSON key saved to your local filesystem.
Import the JSON key file into SFTP Gateway
Log into the web admin portal of SFTP Gateway.
On the Settings page, you will see a section for Cloud Connections.
Click Add New Connection, and select Google Cloud Services, which defines a connection to a Cloud Storage Bucket. Enter the name of your Cloud Storage Bucket in the GCS Bucket URI.
Toward the bottom, you can upload a credential file. This is where you will upload the JSON key you created earlier.