I am trying to download a file into my bucket of my VM, but get the following error. How do I change the access to the access to the Google Cloud Storage bucket? The bucket was mounted using: gcsfuse user_bucket_1 my_bucket_2
This bucket was created when I have a different VM. Does it matter?
Edit: created a new bucket, same problem.
(base) user@instance-1:~/my_bucket_2$ gsutil -u absolute-bison-xxxx cp gs://realigned.cram.crai gs://bucket_1
AccessDeniedException: 403 xxxxxxxxxxxxx-compute@developer.gserviceaccount.com does not have storage.objects.list access to the Google Cloud Storage bucket.
Best Answer
AccessDeniedException: 403 xxxxxxxxxxxxx-compute@developer.gserviceaccount.com does not have storage.objects.list access to the Google Cloud Storage bucket.
Looks Like the service account is creating that error. The reason why the service account is being automatically used, is because you are using the command from your GCE instance. It looks like the IAM role needs to be granted to service account : ‘xxxxxxxxxxxxx-compute@developer.gserviceaccount.com’
The service account requires "storage.objects.list" in the project of the bucket. Depending on your use case, you can grant roles/storage.objectAdmin or roles/storage.admin in the IAM Page. [Navigation Menu >> IAM & Admin] or with cloud shell. These roles also contain "storage.objects.list".
'gcloud auth login' to authenticate is a great idea as well, but adding the roles might be a little easier. It's your preference.