用于谷歌存储的静态网站的 Terraform 谷歌存储桶 - 403 [英] Terraform google bucket for static website for google storage - 403

问题描述

尝试为静态网站创建一个谷歌存储桶.

Trying to create a google bucket for the static website.

provider "google" {
  project = "myprojectname-123"
  credentials = "${file("storage-admin.json")}"
  region  = "us-central1"
  zone    = "us-central1-c"
}

resource "google_storage_bucket" "STANDARD" {
  name     = "mywebsite.com"
  storage_class = "STANDARD"
  location = "US"

  website {
    main_page_suffix = "index.html"
    not_found_page   = "404.html"
  }
}

> terraform 应用

googleapi:错误 403:您尝试创建的存储桶是域名由其他用户拥有.，禁止

googleapi: Error 403: The bucket you tried to create is a domain name owned by another user., forbidden

找到这个答案 对于 AWS

Found this answer for AWS

问:是否可以从 Terraform for Google Cloud 创建以存储域为中心的存储/存储桶?

推荐答案

(假设你已经已验证域 mywebsite.com，并且您是该域的所有者)

(Assuming that you have already verified the domain mywebsite.com, and that you are an owner of the domain)

我可以看到您正在使用服务的帐户凭据创建存储桶:

I can see that you are creating the bucket using a service's account credentials:

提供者谷歌"{

project = "myprojectname-123"

project = "myprojectname-123"

凭据 = "${file("storage-admin.json")}"

region = "us-central1"

region = "us-central1"

zone = "us-central1-c"

zone = "us-central1-c"

}

您必须将该服务帐户添加为域的所有者，因为创建这些资源的 terraform API 调用将使用其凭据来创建存储桶.

You will have to add that service account as an owner of the domain, since the terraform API Call to create those resources will use its credentials to create the bucket.

如果该帐户不在域的所有者列表中，您将收到 403 以及您收到的消息.有关如何将服务帐户添加为所有者的文档.

If the account is not on the owner list of the domain, you will receive the 403, with the message that you are getting. Documentation on how to add the service account as an owner.

此外，请确保将服务帐户添加为域所有者，而不是网站所有者.

As well, make sure that you add the service account as a domain owner, not a site owner.

这篇关于用于谷歌存储的静态网站的 Terraform 谷歌存储桶 - 403的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！