
How do I deploy a GCP storage BucketIAMMember?

In this example, we’ll walk through how to set up a Google Cloud Storage Bucket and configure IAM permissions for a specific member. By the end, you’ll have a storage bucket created and an IAM member assigned to it with appropriate access permissions.

Explanation

  1. Provider Configuration: We start by configuring the Google Cloud provider, specifying our project and region. The program below does not set these in code, so they must come from the stack's provider configuration.
  2. Resource Definition: Next, we create a Google Cloud Storage Bucket.
  3. IAM Member Binding: Finally, we add an IAM member grant on the bucket, giving one principal (a user, service account, or group) a specific role.

Program

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

export = async () => {
    // Create a GCP storage bucket
    const bucket = new gcp.storage.Bucket("bucket", {
        name: "example-bucket",
        location: "US",
    });
    // Grant one member a read-only object role on the bucket.
    // BucketIAMMember is non-authoritative: other members of the role are left in place.
    const bucketIamMember = new gcp.storage.BucketIAMMember("bucket_iam_member", {
        bucket: bucket.name,
        role: "roles/storage.objectViewer",
        member: "user:example@example.com",
    });
    return {
        bucketName: bucket.name,
        bucketIamMemberRole: bucketIamMember.role,
        bucketIamMember: bucketIamMember.member,
    };
}
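
The `role` and `member` strings are the security-relevant inputs of the program above. The following added example (not part of the original answer or of Pulumi's API) reviews such a pair before it is passed to `BucketIAMMember`; the function names, the role allow-list, and the choice to accept only `user:`, `serviceAccount:`, `group:` and `domain:` principals are assumptions for illustration.

```typescript
// Added example (not Pulumi's code): review a (role, member) pair before it
// reaches gcp.storage.BucketIAMMember. Names and the allow-list are assumptions.
type Finding = { severity: "error" | "warn"; message: string };

// Special identifiers that grant access to anyone on the internet.
const PUBLIC_MEMBERS = ["allUsers", "allAuthenticatedUsers"];
// Principal types whose identity is an e-mail address.
const EMAIL_PRINCIPALS = ["user", "serviceAccount", "group"];
// Assumed team policy: roles that may be granted without extra review.
const ALLOWED_ROLES = ["roles/storage.objectViewer"];

function checkBucketGrant(role: string, member: string): Finding[] {
    const findings: Finding[] = [];
    const sep = member.indexOf(":");
    const kind = sep === -1 ? "" : member.slice(0, sep);
    const identity = sep === -1 ? "" : member.slice(sep + 1);
    const at = identity.indexOf("@");

    if (PUBLIC_MEMBERS.indexOf(member) !== -1) {
        findings.push({ severity: "error", message: `${member} makes the bucket public` });
    } else if (EMAIL_PRINCIPALS.indexOf(kind) !== -1) {
        // Require local@domain with both parts non-empty.
        if (at <= 0 || at === identity.length - 1) {
            findings.push({ severity: "error", message: `${kind} needs an e-mail identity` });
        }
    } else if (kind === "domain") {
        // A domain grant covers every account in that domain.
        if (identity === "" || at !== -1) {
            findings.push({ severity: "error", message: "domain needs a bare domain name" });
        } else {
            findings.push({ severity: "warn", message: `grant covers all of ${identity}` });
        }
    } else {
        findings.push({ severity: "error", message: `"${member}" is not an accepted principal form` });
    }

    if (ALLOWED_ROLES.indexOf(role) === -1) {
        findings.push({ severity: "warn", message: `${role} is outside the allow-list` });
    }
    return findings;
}

// True when no finding blocks the deployment.
function isDeployable(findings: Finding[]): boolean {
    return findings.every((f) => f.severity !== "error");
}

// Constructed sample: the grant from the program above passes cleanly.
console.log(checkBucketGrant("roles/storage.objectViewer", "user:example@example.com"));
```

Calling `checkBucketGrant` on the values before constructing the resource lets the program throw on any `error` finding instead of deploying the grant.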

Summary

This configuration sets up a Google Cloud Storage Bucket and assigns read permissions to a specified IAM member. This workflow allows for managing and organizing GCP resources and their permissions efficiently using Infrastructure as Code.
