Storagebuckets
-
IAM Member for KMS Encryption:
- Grants a service account the role of
roles/cloudkms.cryptoKeyEncrypterDecrypter
for the project, enabling it to encrypt and decrypt data using the specified KMS key.
- Grants a service account the role of
-
Google Cloud Storage Buckets:
- care-facility: A bucket for storing facility images.
- care-patient-data: A bucket for storing patient files.
- Both buckets share similar configurations:
- Naming Convention: Follows a specific pattern based on the project name and region.
- Location: Specifies the region for data storage.
- Storage Class: Utilizes the STANDARD storage class for general-purpose storage.
- Versioning: Enabled to retain multiple versions of objects.
- Encryption: Configured to utilize the KMS key specified in a remote Terraform state for data encryption.
- Dependency: Relies on the IAM member resource to ensure proper sequencing during deployment.
- Public Access Restriction: Enforced to prevent unauthorized public access to the buckets.
- Labels: Optional labels for organizing and categorizing resources.
- Uniform Bucket Level Access: Activated to regulate access to buckets and objects using IAM policies.
- Both buckets share similar configurations:
-
IAM Policy Management for Buckets:
- Assigns the role of
roles/storage.admin
to a designated user (example@mail.com
) for each bucket, granting administrative privileges to manage the buckets and their contents.
- Assigns the role of
-
Configure CORS:
- Activates Cloud Shell for executing commands.
- Provides a sample
bucket-config.json
file containing CORS configuration settings. - Instructs users to replace the placeholder origins with their actual deployed frontend URLs.
- Guides users to apply the CORS configuration for both buckets using the
gcloud
CLI.
Here's the CORS configuration code for bucket-config.json
:
[
{
"origin": ["https://care.ohc.network", "https://care.coronasafe.in"],
"method": ["GET", "PUT"],
"responseHeader": ["*"],
"maxAgeSeconds": 3600
}
]
Following this configuration, users can execute the following commands in Cloud Shell to apply the CORS configuration to each bucket:
gcloud storage buckets update gs://<prefix>-care-facility --cors-file=bucket-config.json
gcloud storage buckets update gs://<prefix>-care-patient-data --cors-file=bucket-config.json
Setup ensures the creation of secure storage buckets with proper encryption, access controls, and CORS configuration in Google Cloud Storage.