Google Cloud Storage Bucket Configuration

This document is for any Umbra client desiring direct data delivery to their Google Cloud Storage bucket. The following instructions show how to configure a bucket via the Google Cloud console browser interface such that Umbra systems have the requisite access to enable data delivery.

Required Readings: https://docs.canopy.umbra.space/update/docs/delivery-configs#/

  • In the Google Cloud Console view
    • Under Cloud Storage > Buckets
      • Select your bucket in the list view

      • Select the Permissions tab

      • Click Grant Access

      • Add a Principal from the Workload Identity Federation IAM Provider credentials used when creating the associated DeliveryConfig

        • These credentials are accessible under the IAM & Admin > Workload Identity Federation > Workload Identity Pools view
        • This should be something similar to: principalSet://iam.googleapis.com/projects/<projectNumber>/locations/global/workloadIdentityPools/<workloadPoolName>/*

      • Then specify Storage Object Creator for the role
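
To confirm the grant after following the steps above, the following added example (not Umbra's or Google's code) audits a bucket IAM policy, such as the JSON returned by `gcloud storage buckets get-iam-policy gs://<bucket> --format=json`, for the pool-wide principalSet and the Storage Object Creator role (`roles/storage.objectCreator`). The function name, project number, and pool name are hypothetical placeholders, and the sample policy is constructed.

```python
import re

# Principal format from the page:
# principalSet://iam.googleapis.com/projects/<projectNumber>/locations/global/workloadIdentityPools/<workloadPoolName>/*
PRINCIPAL_SET = re.compile(
    r"principalSet://iam\.googleapis\.com/projects/(\d+)"
    r"/locations/global/workloadIdentityPools/([^/]+)/\*"
)
EXPECTED_ROLE = "roles/storage.objectCreator"  # role ID for "Storage Object Creator"


def audit_bucket_policy(policy, project_number, pool_name):
    """Return (granted, findings) for the delivery pool's principalSet."""
    granted, findings = False, []
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        for member in binding.get("members", []):
            if not member.startswith("principalSet://"):
                continue  # users, service accounts, etc. are out of scope here
            match = PRINCIPAL_SET.fullmatch(member)
            if match is None:
                # e.g. a project ID instead of the project number, or no trailing /*
                findings.append(f"principalSet not in the pool-wide form: {member}")
            elif match.groups() != (str(project_number), pool_name):
                findings.append(f"unexpected pool bound to {role}: {member}")
            elif role == EXPECTED_ROLE:
                granted = True
            else:
                findings.append(f"role beyond object creation: {role}")
    if not granted:
        findings.append(f"{EXPECTED_ROLE} not granted to the delivery pool")
    return granted, findings


# Constructed sample policy (placeholder project number and pool name).
POOL = "principalSet://iam.googleapis.com/projects/{}/locations/global/workloadIdentityPools/example-delivery-pool/*"
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/storage.objectCreator", "members": [POOL.format("123456789012")]},
        {"role": "roles/storage.admin", "members": [POOL.format("123456789012")]},
        {"role": "roles/storage.objectCreator", "members": [POOL.format("example-project-id")]},
    ]
}

if __name__ == "__main__":
    ok, issues = audit_bucket_policy(SAMPLE_POLICY, 123456789012, "example-delivery-pool")
    print("granted:", ok)
    for issue in issues:
        print(" -", issue)
```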