Setting up Instance Identity for StorageLink
Overview
This article goes over how to set up StorageLink with a Attached Service Account
, otherwise known as an Instance Identity.
Folders
can then use this Identity, instead of using a JSON Key File
.
Configure API & Identity Management
In order for your VM to have Read/Write access by default, you will need to grant your instance's service account Read Write
permission to Google Cloud Storage. This can be accomplished by configuring the API and identity management settings on your VM.
First, you will need to Stop your VM, as you cannot change the identity management settings while the instance is running.
Once your instance has been stopped, under the Details
tab, click Edit.
Scroll down until you see the Identity and API access section.
Under Access scopes, select the Set access for each API
radio button.
The API you want to configure is the Storage API. Set this value to Read Write
. This will grant your instance Read/Write permissions to Google Cloud Storage.
Click Save to confirm your changes, and then Start the instance up again.
Configure your Cloud Connection
Now that your VM has the necessary permissions to Google Cloud Storage, select Use Attached Service Account
for your Cloud Credentials.
To verify you have the correct permissions, you can use the Test Connection button.