Compute Engine access to Cloud Storage Bucket

[Dave Greenly]

I have a cloud storage bucket that is located in the US "location".

You can see the output from the gs ls command below showing the bucket is in the US Location.  But if I create a Compute Engine that is in in the us-central1-f region, the compute engine cannot access the bucket using the gsutil cp command?

But if I create that same VM in the us-central1-a region, the gsutil cp command works fine?

Is there something I need to do to get my bucket available to the f region?  

Thanks

Dave

gsutil ls -L -b gs://xx_xxxxx_xxxx/gs://ca_webpage_plots/ : Storage class: STANDARD Location constraint: US Versioning enabled: None Logging configuration: None Website configuration: None CORS configuration: None Lifecycle configuration: None

[Kamran (Google Cloud Support)]

Hello Dave,

When creating a VM machine, you can specify the scope of service account access for the VM instance. By default, new instances have the following scope enabled:

Read-only access to Google Cloud Storage: https://www.googleapis.com/auth/devstorage.read_only

Therefore, if you're trying to upload a file to the Cloud Storage using 'gsutil cp' command, it will fail with the following message:

AccessDeniedException: 403 Insufficient Permission

To be able to upload a file to a bucket from your GCE VM instance, you will need to set the scope of service account of the VM instance with 'write' or 'full access' to the Cloud Storage. Please visit this article for the steps to set this scope.

Alternatively, you can try 'gcloud auth login' command to authenticate with an account which has editor or ownership permissions to the project. Then upload the files to the Cloud Storage.

I hope this will be helpful.

Sincerely,

Kamran

[Nathan Bendich]

I had a similar problem and found the simplest way to solve it was `gcloud auth login`.

On Wednesday, September 2, 2015 at 12:22:48 PM UTC-4, Dave Greenly wrote: