google_storage_default_object_access_control

The DefaultObjectAccessControls resources represent the Access Control Lists (ACLs) applied to a new object within a Google Cloud Storage bucket when no ACL was provided for that object. ACLs let you specify who has access to your bucket contents and to what extent.

There are two roles that can be assigned to an entity:

READERs can get an object, though the acl property will not be revealed. OWNERs are READERs, and they can get the acl property, update an object, and call all objectAccessControls methods on the object. The owner of an object is always an OWNER. For more information, see Access Control, with the caveat that this API uses READER and OWNER instead of READ and FULL_CONTROL.

To get more information about DefaultObjectAccessControl, see:

Open in Cloud Shell

Example Usage - Storage Default Object Access Control Public

resource "google_storage_default_object_access_control" "public_rule" {
  bucket = google_storage_bucket.bucket.name
  role   = "READER"
  entity = "allUsers"
}

resource "google_storage_bucket" "bucket" {
  name     = "static-content-bucket"
  location = "US"
}

Argument Reference

The following arguments are supported:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

The project_team block contains:

Timeouts

This resource provides the following Timeouts configuration options:

Import

DefaultObjectAccessControl can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import DefaultObjectAccessControl using one of the formats above. For example:

import {
  id = "{{bucket}}/{{entity}}"
  to = google_storage_default_object_access_control.default
}

When using the terraform import command, DefaultObjectAccessControl can be imported using one of the formats above. For example:

$ terraform import google_storage_default_object_access_control.default {{bucket}}/{{entity}}