How to provision Google Cloud Storage buckets for Craft CMS 3.x

google_cloud_storage_craft_3.md

Create the bucket

1. Open the console https://console.cloud.google.com
2. If you haven't already, setup your Cloud billing account
3. From the drop down at the top of the screen, create new project for your client, e.g. my-client
4. Make a note of the Project number on the project Home screen (Craft refers to this as the Project ID)
5. In the sidebar go to APIs & Services > Credentials, click the + Create credentials button and choose the Service Account type

• Set account name to craft-cms or similar
• Set role to Owner
• Save

6. Click on the newly created service account email to edit it, then click the Keys tab and click Add key > Create new key and select the JSON format
7. The key will automatically download to your computer as a text file. Save this and the service account email shown on screen (e.g. [email protected]) in a safe place.
8. Go to Storage in the sidebar and create a new bucket in the project with a logical name, e.g. my-client-assets. Choose a multi-region close to your client's users and use the Standard storage class. Set bucket access to Fine grained (per object) NOT Uniform (per bucket). Craft will only work with the per-object permissions model.
9. On the permissions tab for the new bucket, click Add for each of the following:
   • type allUsers and choose the Storage Object Viewer role. Click 'Yes' to the pop-up warning you that this will make your bucket public.
   • type in the service account email that you created earlier e.g. [email protected] and add role Storage Admin (under Cloud Storage > Storage Admin).

Set up CORS support (optional)

1. Click the button at the top right of the screen Activate Cloud Shell

2. Create CORS config file with these commands (replacing with your desired config and bucket name):

   echo '  [{"origin": ["*"],"responseHeader": ["Content-Type"],"method": ["GET", "HEAD"],"maxAgeSeconds": 3600}]' > cors-config.json
   gsutil cors set cors-config.json gs://my-client-assets
   

3. Verify that the CORS config was applied correctly:

   gsutil cors get gs://my-client-assets  
   

Add additional buckets

You should consider creating additonal buckets for your different environments (e.g. staging) so that they do not access the production bucket directly. At least one bucket should also be created for backups. While the multi-regional bucket type is highly available by design and unlikely to lose your data, it is still possible that a bucket could become corrupted by user error, or due to a bug with Craft's use of the Cloud Storage API.

You can use Google Cloud Storage Transfer facility to syncronize these additional buckets with your production bucket, and schedule transfers so that they occur automatically.

Alternatively, you can trigger a rsync between two buckets with the gsutil command line tool. When triggered by a CRON you can implement a custom backup strategy. For example, to make mybucket2 (destination) identical to mybucket1 (source):

gsutil rsync -d -r gs://mybucket1 gs://mybucket2

Set up the asset volume in Craft

1. Install the Google Cloud Storage plugin
2. Go to Settings > Assets and click the New Volume button
3. Choose the Google Cloud Storage volume type, enter the Project ID you saved earlier and paste in the contents of your Service Account Key in the Contents of the access key file field.
4. Select the bucket you created earlier (and note that you can switch between the synchronized buckets in your account at any time - thus for your staging environment select the staging bucket, for example).
5. If you want to have multiple volumes that use the same bucket (recommended), set a subfolder path. You can create this subfolder manually in the Google Cloud Storage interface.