External content provider: Google Cloud storage
Create Google Cloud storage bucket
This section describes how to create and configure a new Google Cloud Storage Bucket. Please follow the steps below:
Open a web browser and navigate to https://console.cloud.google.com to log into the Google Cloud Console.
In the left menu, click Storage > Browser.
In the Browser page, click Create Bucket.
Create a bucket by following the Create Bucket step-by-step process.
Create API credentials
From the left menu, click APIs and Services > Credentials.
Click the Create Credentials button on the Credentials page and select API key from the dropdown menu.
The API key will be used within the configuration of the Google Cloud Storage ECP. After the API key is created and displayed, click Restrict Key.
Set the API key’s Application restrictions and API restrictions.
If an application restriction is configured, HTTP referrers is required for RPI to connect to Google Cloud Storage. For API restriction, make sure Cloud Storage, Cloud Storage API, and Google Cloud Storage JSON API restrictions are checked.
Create an OAuth client ID. Click the Create Credentials button on the Credentials page. Select OAuth client ID from the drop-down menu.
In the Create OAuth client ID page, select Web application as the application type. Provide a name for your ID and set an authorized redirect URI. Make sure that the redirect URI has been added to the Authorized Domains list. This can be configured in the OAuth consent settings page.
Click the Create button to finish the step. The Client ID, Client Secret, and Redirect URI will be used within the configuration of the Google Cloud Storage ECP.
Set the IAM permissions
Set the IAM permissions for Cloud Storage. From the main menu, navigate to IAM & Admin > Roles. Click Create Role.
Specify the Title and ID of the role.
Click the Add Permissions button.
In the Permissions dialog, filter for ‘storage.buckets’. Check the following permissions:
storage.buckets.create
storage.buckets.delete
storage.buckets.get
storage.buckets.list
Click the Add button.
Filter for ‘storage.objects’. Check the following permissions:
storage.objects.create
storage.objects.get
storage.objects.list
storage.objects.delete
Click the Add button.
The role should now list the permissions selected above. If incomplete, click the Add Permissions button again to reselect the missing permissions.
At the menu on the left, click IAM. Assign the created role to the user that will be using Google Cloud Storage.