Google Cloud (GCP)

Supported URL formats

Earthscale supports GCP URLs formatted like:

gs://{bucket_name}/{path_to_files_can_contain_glob_patterns}

Values in curly brackets are placeholders.

Security

Earthscale uses OpenID Connect (OIDC) to securely access your cloud data using dedicated per-customer service accounts. This eliminates the need to share credentials while providing fine-grained access control over your cloud resources. It also lets you revoke access at any time if necessary.

Granting Access

To grant Earthscale access to a GCP bucket:

• Open Earthscale

• Click on the user icon in the top-right corner of the left sidebar

• Click "Cloud Access"

Here you can see the GCP service account used to access your data, and copy a command to grant access to a bucket:

Just enter your bucket name in the input box and click the "Copy" button at the top-right corner.

Use the Google Cloud Console

If you do not have access to the CLI, you can also grant access in the Google Cloud Console.

• Copy your Earthscale GCP service account email from the cloud access dialog (see above). It should look like:

[email protected]

• Navigate to the bucket you want to share in the Google Cloud Console

• Tab "Permissions"

• Tab "View by principals"

• Click "Grant access"

• Enter the storage account email you copied before into the "Principals" field

• Add the "Storage Object Viewer" role

• Add the "Storage Legacy Bucket Reader" role

Creating a new bucket

If you'd prefer to grant Earthscale access to a brand new bucket, you can follow the GCP guide to create one. Then, follow the instructions above to grant Earthscale access to that bucket.