We would like to use Google Cloud Storage as permanent storage for user-uploaded files. Unfortunately, I canβt add App Identity ( application-id@appspot.gserviceaccount.com ) to our "Team" because our team is based on Google Apps for Domains and it does not allow email addresses that do not belong to our domain, which will be in teamwork.
Is there a recommended way to authenticate an App Engine instance in this case?
Create a new team using your gmail account. Add all members of your team (including the app) and remove the gmail account from the team.
Yes, this is a terrible hack. Sorry.
You can also work around this by using GSUtil to explicitly grant write access to the bucket you are creating so that your -id@appspot.gserviceaccount.com "appβs application has sufficient access to the bucket. By default, other users are not available to your bucket.
What you need to do with GSUtil to change your bucket ACL:
Make changes to acl.txt, for example, add an additional grant for the user " application-id@appspot.gserviceaccount.com " to have write access to the bucket, see the ACL document. on how to do this: http://code.google.com/apis/storage/docs/accesscontrol.html#applyacls In particular, it may look something like this to add to the downloaded acl.txt:
<Entry> <Scope type="UserByEmail"> <EmailAddress> application-id@appspot.gserviceaccount.com </EmailAddress> <Name>Service Account</Name> </Scope> <Permission>FULL_CONTROL</Permission> </Entry>
Update bucket ACL: gsutil setacl acl.txt gs: // yourbucket
Hope this helps!
To use Google Cloud Storage, you can follow this link https://developers.google.com/storage/ , and then create a new account and then use it.