
I would like to add basic authentication to a website that is hosted on Google Cloud Storage. The site is connected to a load balancer and has a working SSL certificate and CDN.

Basic authentication would be enough, but Storage does not support htaccess. Signed URLs work great, but for individual files, not entire sites. Identity-Aware Proxy does not currently support sites on Storage.

The solution will only be used to protect the stage environment against the world. It should be designed to provide a simple entry for our team and the customer.

What solution will you recommend?

Brateq

1 Answer


I understand that you are using backend buckets behind an HTTP(S) Load Balancer.

At the moment, it is not possible to set permissions or authentication checks at the load balancer level when accessing objects in the backend.

But you can use the "acl" command or the Google Console to set bucket permissions. For example, to make the bucket publicly readable so that it can be served through the load balancer, you need to add a read permission for AllUsers: gsutil acl ch -u AllUsers:R gs://BUCKET

There are other design choices which could achieve your original goal of controlling access to the Cloud Storage bucket, such as Users API for Python 2, Cloud Storage authentication, or Hosting a static website. For instance, you could set up authentication in the frontend, and only proxy requests which were properly authorized. This would require some additional coding, though.

You can also set security policies for the load balancer using Cloud Armor.


Jeff Schaller
Lozano
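
The frontend approach mentioned in the answer above (authenticate first, then proxy only authorized requests), as an added example that is not part of the original post: a minimal WSGI app that checks HTTP Basic credentials before serving bucket objects. `USERS`, `SAMPLE_BUCKET`, `fetch_object` and the credentials are hypothetical; a real deployment would keep the bucket private and have `fetch_object` read from it with the proxy's own service account.

```python
import base64
import hashlib
import hmac
import mimetypes

# Constructed sample data: username -> SHA-256 hex digest of the password.
# Assumption: real credentials come from a secret store and use a slow password hash.
USERS = {"stage": hashlib.sha256(b"constructed-password").hexdigest()}
SAMPLE_BUCKET = {"index.html": b"<h1>stage</h1>"}  # stands in for the private bucket


def check_basic_auth(header, users=USERS):
    """Return True only for a well-formed Basic header carrying valid credentials."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        raw = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return False
    user, _, password = raw.partition(":")
    supplied = hashlib.sha256(password.encode()).hexdigest()
    # Unknown users compare against "" and never match; compare_digest is constant-time.
    return hmac.compare_digest(users.get(user, ""), supplied)


def make_app(fetch_object, users=USERS, realm="stage"):
    """Build a WSGI app; fetch_object(name) returns bytes, or None if missing (hypothetical hook)."""
    def app(environ, start_response):
        if not check_basic_auth(environ.get("HTTP_AUTHORIZATION"), users):
            start_response("401 Unauthorized", [
                ("WWW-Authenticate", f'Basic realm="{realm}"'),
                ("Cache-Control", "no-store")])
            return [b"authentication required"]
        name = environ.get("PATH_INFO", "/").lstrip("/") or "index.html"
        if name.endswith("/"):
            name += "index.html"
        body = fetch_object(name)
        if body is None:
            start_response("404 Not Found", [("Cache-Control", "no-store")])
            return [b"not found"]
        ctype = mimetypes.guess_type(name)[0] or "application/octet-stream"
        # Keep shared caches such as a CDN from storing authenticated responses.
        start_response("200 OK", [("Content-Type", ctype),
                                  ("Cache-Control", "private, no-store")])
        return [body]
    return app
```

The app can be served locally with `wsgiref.simple_server.make_server("127.0.0.1", 8080, make_app(SAMPLE_BUCKET.get))`; Basic credentials are only base64-encoded, so the proxy must sit behind the HTTPS load balancer.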