Google Cloud Storage
IAM roles and permissions
To use Google Cloud Storage as backup storage in the Xopero ONE service, it is recommended to assign the Storage Admin IAM role (roles/storage.admin, full control of buckets and objects) to the GCS user, or to create a service account with the minimal permission set:
storage.objects.list
storage.objects.get
storage.objects.create
storage.objects.delete
Support for immutable storage
Remember that immutable storage configuration is available only when creating a new bucket; there is no option to enable it for an existing bucket.
Enabling retention and/or versioning for the bucket may result in additional data being stored. It is recommended that the retention period in Xopero ONE be longer than the one set for the storage. Otherwise, this may lead to storage overload.
If you want to use immutable storage, the following permissions are required:
s3:GetBucketObjectLockConfiguration
s3:GetBucketVersioning
Buckets with retention enabled cannot be used as storage for Xopero ONE.
They must be added to the Action section; after the changes, the section should look as shown below:
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetBucketVersioning",
"s3:GetBucketObjectLockConfiguration"
],
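The following is an added example, not part of the Xopero ONE documentation: a least-privilege check that compares a custom role definition (its includedPermissions field) or a single Allow statement (its Action list) against the permission sets listed on this page, reporting what is missing and what is granted beyond them. The function names and the sample role and statement are constructed for illustration.

```python
import re

# Permission sets copied from the page above.
GCS_MINIMAL = {
    "storage.objects.list", "storage.objects.get",
    "storage.objects.create", "storage.objects.delete",
}
S3_STYLE_ACTIONS = {
    "s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject",
    "s3:GetBucketVersioning", "s3:GetBucketObjectLockConfiguration",
}

def granted_entries(doc):
    """Entries granted by a custom role (includedPermissions) or by one
    Allow statement (Action, given as a string or a list)."""
    if "includedPermissions" in doc:
        return list(doc["includedPermissions"])
    actions = doc.get("Action", [])
    return [actions] if isinstance(actions, str) else list(actions)

def covers(pattern, name):
    """True if a granted entry covers a required name. '*' and '?' act as
    wildcards and matching ignores case, as in S3-style Action lists."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, name, re.IGNORECASE) is not None

def audit(doc, required):
    """Report required entries that are not granted ('missing') and granted
    entries that are wildcards or not on the required list ('excess')."""
    granted = granted_entries(doc)
    wanted = {r.lower() for r in required}
    missing = sorted(r for r in required
                     if not any(covers(g, r) for g in granted))
    excess = sorted(g for g in granted
                    if "*" in g or "?" in g or g.lower() not in wanted)
    return {"missing": missing, "excess": excess}

# Constructed samples (not taken from a real project).
SAMPLE_ROLE = {"includedPermissions": [
    "storage.objects.list", "storage.objects.get",
    "storage.objects.create", "storage.buckets.delete"]}
SAMPLE_STATEMENT = {"Effect": "Allow",
                    "Action": ["s3:Get*", "s3:ListBucket", "s3:PutObject"]}

if __name__ == "__main__":
    print(audit(SAMPLE_ROLE, GCS_MINIMAL))
    print(audit(SAMPLE_STATEMENT, S3_STYLE_ACTIONS))
```

An empty "missing" list means the backup account has what the page requires; any "excess" entry is a grant to review before the account is put into service.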