Skip to main content

GCS Reader initial setup

You must review the prerequisites, permissions and authentication requirements and connection properties before you set up the connection.

Prerequisites

The following prerequisites are needed before configuring the GCS Reader:

  • Service account: To access Google Cloud Storage you need valid user credentials with authorization.

  • To use the GCSAuditLogNotification object detection mode, you must configure the audit log and users with necessary permission to access the logs.

See Setting up Google Cloud Storage permissions.

Setting up Google Cloud Storage permissions

You must configure the following Google Cloud Storage permissions depending on which object detection modes you will use:

  • To enable reading files from Google Cloud Storage, you must create a custom Google Cloud Storage role with get and list permissions and assign it to your Service Account.

  • To enable reading the audit log on Google Cloud Storage, you must enable the audit log and grant audit log permissions to your custom role.

  1. If audit log access is needed, check the Data Write property to enable the audit log on GCS.

    gcs-reader-enable-audit-log.png

  2. Create a custom role with the following permissions:

    • GCS permissions: storage.objects.get and storage.objects.list

    • GCS audit log permissions (if Audit Log access needed): logging.logEntries.list and logging.privateLogEntries.list

      gcs-reader-permissions1.png

  3. Create a Service Account and assign this custom role.

    gcs-reader-apply-role-service-account.png

  4. Generate the Service Account key in JSON format.

    gcs-reader-service-account-key.png

  5. In your Striim GCS Reader configuration, copy the downloaded JSON key path to the Service Account Key property.

    gcs-reader-striim-config.png

Configuring Striim to work with GCS Reader

All clients and drivers required by GCS are bundled with Striim. No additional setup is required.