search
Search
Join our weekly DS/ML newsletter layers DS/ML Guides
menu
menu search toc more_vert
Robocat
Guest 0reps
Thanks for the thanks!
close
Comments
Log in or sign up
Cancel
Post
account_circle
Profile
exit_to_app
Sign out
help Ask a question
Share on Twitter
search
keyboard_voice
close
Searching Tips
Search for a recipe:
"Creating a table in MySQL"
Search for an API documentation: "@append"
Search for code: "!dataframe"
Apply a tag filter: "#python"
Useful Shortcuts
/ to open search panel
Esc to close search panel
to navigate between search results
d to clear all current filters
Enter to expand content preview
icon_star
Doc Search
icon_star
Code Search Beta
SORRY NOTHING FOUND!
mic
Start speaking...
Voice search is only supported in Safari and Chrome.
Navigate to
A
A
brightness_medium
share
arrow_backShare
Twitter
Facebook

Preventing public access to buckets and files in Google Cloud Storage using Python

Cloud Computing
chevron_right
Google Cloud Platform
chevron_right
Cloud Storage
chevron_right
Python client library
schedule Jul 1, 2022
Last updated
local_offer Cloud Computing
Tags

Prerequisites

To follow along with this guide, please make sure to have:

  • created a service account and downloaded the private key (JSON file) for authentication (please check out my detailed guide)

  • installed the Python client library for Google Cloud Storage:

    pip install --upgrade google-cloud-storage

Preventing public access to buckets and files in Google Cloud Storage

To prevent public access to buckets and files in Google Cloud Storage using Python, enable the Prevent Public Access option via the iam_configuration property of the bucket:

from google.cloud.storage.constants import PUBLIC_ACCESS_PREVENTION_ENFORCED
from google.cloud import storage

# Authenticate ourselves using the primary key of our service account
path_to_private_key = './gcs-project-354207-099ef6796af6.json'
client = storage.Client.from_service_account_json(json_credentials_path=path_to_private_key)
# The target bucket
bucket = client.get_bucket('test-bucket-skytowner')
bucket.iam_configuration.public_access_prevention = PUBLIC_ACCESS_PREVENTION_ENFORCED
# Apply the changes
bucket.patch()

Here, note the following:

  • we had to import the PUBLIC_ACCESS_PREVENTION_ENFORCED constant, which is actually just a string of value 'enforced'.

  • all the files within the bucket will no longer be publicly accessible

NOTE

Note that we can replace PUBLIC_ACCESS_PREVENTION_ENFORCED with PUBLIC_ACCESS_PREVENTION_INHERITED in the above code snippet to disable Public Access Prevention programmatically.

To confirm that the Public Access Prevention is now turned on for the bucket, head over to the web console for GCS, and click on the bucket (test-bucket-skytowner in our case) and then click on the PERMISSIONS tab:

Notice how the bucket (and all the files within this bucket) are not publicly accessible, and that there is now an option to REMOVE PUBLIC ACCESS PREVENTION.

mail
Join our newsletter for updates on new DS/ML comprehensive guides (spam-free)
robocat
Published by Isshin Inada
Edited by 0 others
Did you find this page useful?
thumb_down
Ask a question or leave a feedback...
0
thumb_down
0
chat_bubble_outline
0
settings
Enjoy our search
Hit / to insta-search docs and recipes!