Cloud CDN recently added support for "private origin authentication for Amazon Simple Storage Service (Amazon S3) and compatible object stores". https://cloud.google.com/cdn/docs/release-notes#September_14_2023
Is private origin authentication not yet possible with Cloud Storage backends? Ideally I want to prevent clients from bypassing Cloud CDN and accessing the origin directly. I was hoping that we could, for example, assign to our Load Balancer a service account with the storage object viewer role.
The docs for Cloud CDN still seem to suggest that the bucket objects must be public unless using signed URLs. https://cloud.google.com/cdn/docs/setting-up-cdn-with-bucket#make_your_bucket_public
Is this something that will (or already did) change, or is this a special accommodation for AWS S3 backends?
Thanks.