search
Search
Login
Unlock 100+ guides
menu
menu
web
search toc
close
Comments
Log in or sign up
Cancel
Post
account_circle
Profile
exit_to_app
Sign out
What does this mean?
Why is this true?
Give me some examples!
search
keyboard_voice
close
Searching Tips
Search for a recipe:
"Creating a table in MySQL"
Search for an API documentation: "@append"
Search for code: "!dataframe"
Apply a tag filter: "#python"
Useful Shortcuts
/ to open search panel
Esc to close search panel
to navigate between search results
d to clear all current filters
Enter to expand content preview
icon_star
Doc Search
icon_star
Code Search Beta
SORRY NOTHING FOUND!
mic
Start speaking...
Voice search is only supported in Safari and Chrome.
Navigate to

Preventing public access to buckets and files in Google Cloud Storage using Python

schedule Aug 10, 2023
Last updated
local_offer
Cloud Computing
Tags
mode_heat
Master the mathematics behind data science with 100+ top-tier guides
Start your free 7-days trial now!

Prerequisites

To follow along with this guide, please make sure to have:

  • created a service account and downloaded the private key (JSON file) for authentication (please check out my detailed guide)

  • installed the Python client library for Google Cloud Storage:

    pip install --upgrade google-cloud-storage

Preventing public access to buckets and files in Google Cloud Storage

To prevent public access to buckets and files in Google Cloud Storage using Python, enable the Prevent Public Access option via the iam_configuration property of the bucket:

from google.cloud.storage.constants import PUBLIC_ACCESS_PREVENTION_ENFORCED
from google.cloud import storage

# Authenticate ourselves using the primary key of our service account
path_to_private_key = './gcs-project-354207-099ef6796af6.json'
client = storage.Client.from_service_account_json(json_credentials_path=path_to_private_key)
# The target bucket
bucket = client.get_bucket('test-bucket-skytowner')
bucket.iam_configuration.public_access_prevention = PUBLIC_ACCESS_PREVENTION_ENFORCED
# Apply the changes
bucket.patch()

Here, note the following:

  • we had to import the PUBLIC_ACCESS_PREVENTION_ENFORCED constant, which is actually just a string of value 'enforced'.

  • all the files within the bucket will no longer be publicly accessible

NOTE

Note that we can replace PUBLIC_ACCESS_PREVENTION_ENFORCED with PUBLIC_ACCESS_PREVENTION_INHERITED in the above code snippet to disable Public Access Prevention programmatically.

To confirm that the Public Access Prevention is now turned on for the bucket, head over to the web console for GCS, and click on the bucket (test-bucket-skytowner in our case) and then click on the PERMISSIONS tab:

Notice how the bucket (and all the files within this bucket) are not publicly accessible, and that there is now an option to REMOVE PUBLIC ACCESS PREVENTION.

robocat
Published by Isshin Inada
Edited by 0 others
Did you find this page useful?
thumb_up
thumb_down
Comment
Citation
Ask a question or leave a feedback...
thumb_up
0
thumb_down
0
chat_bubble_outline
0
settings
Enjoy our search
Hit / to insta-search docs and recipes!