Creating a Google Cloud Storage bucket is simple, but the IAM permissions required to perform operations in the bucket can be difficult to understand, especially when all you want is to give upload/download access to the person who created the bucket and perhaps a service account.
Below are the commands for creating a Google Cloud Storage bucket.
# establish login
my_user=me@my.domain
gcloud auth login $my_user
# set project
project_id=my_project_id123
gcloud config set project $project_id
# create cloud storage bucket
bucket_name="${project_id}-my_bucket-random123"
gsutil mb -p $project_id gs://$bucket_name
You can grant yourself and/or a service account roles on the bucket.
# add self as admin
gsutil iam ch user:${my_user}:admin gs://$bucket_name
# add service account in viewer role
sa_name="svc_acct1@${project_id}.iam.gserviceaccount.com"
gsutil iam ch serviceAccount:${sa_name}:objectViewer gs://$bucket_name
Copy files to the bucket using the command below.
gsutil cp my.log gs://$bucket_name
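To confirm that the grants above produced the access you intended, the following added example (not part of the original post) audits the JSON printed by gsutil iam get. It expands the gsutil iam ch shorthand to full role names, reports which members can upload or download, and flags public, unexpected or missing bindings. The names EXPECTED, SAMPLE_POLICY, full_role and audit are hypothetical, and the sample policy is constructed.

```python
import json
import sys
# Object operations allowed by the predefined Cloud Storage roles.
ROLE_ACCESS = {
    "roles/storage.objectViewer": {"download"},
    "roles/storage.objectCreator": {"upload"},  # create only, no overwrite
    "roles/storage.objectAdmin": {"download", "upload"},
    "roles/storage.admin": {"download", "upload"},
}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Intended grants: the page's placeholder identities with gsutil shorthand roles.
EXPECTED = {
    "user:me@my.domain": "admin",
    "serviceAccount:svc_acct1@my_project_id123.iam.gserviceaccount.com": "objectViewer",
}
# Constructed sample policy: the intended grants plus a stray public binding.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/storage.admin", "members": ["user:me@my.domain"]},
    {"role": "roles/storage.objectViewer", "members": [
        "serviceAccount:svc_acct1@my_project_id123.iam.gserviceaccount.com", "allUsers"]},
]}

def full_role(role):
    """Expand gsutil iam ch shorthand: admin -> roles/storage.admin."""
    return role if role.startswith("roles/") else "roles/storage." + role

def audit(policy, expected):
    """Return (access, findings) for a bucket policy versus the intended grants."""
    access, findings, granted = {}, [], set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            granted.add((member, role))
            access.setdefault(member, set()).update(ROLE_ACCESS.get(role, set()))
            if member in PUBLIC_MEMBERS:
                findings.append(f"PUBLIC: {member} holds {role}")
            elif member not in expected or full_role(expected[member]) != role:
                findings.append(f"UNEXPECTED: {member} holds {role}")
    for member, role in expected.items():
        if (member, full_role(role)) not in granted:
            findings.append(f"MISSING: {member} lacks {full_role(role)}")
    return access, findings

if __name__ == "__main__":
    policy = SAMPLE_POLICY if sys.stdin.isatty() else json.load(sys.stdin)
    access, findings = audit(policy, EXPECTED)
    for member, ops in sorted(access.items()):
        print(member, "->", ", ".join(sorted(ops)) or "no object access known")
    print("\n".join(findings) or "policy matches the intended grants")
```

Run it against a real bucket by piping gsutil iam get gs://$bucket_name into the script; with no piped input it audits the embedded sample. The result for the service account shows download only, so the gsutil cp upload above would be denied if run as that account.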