gsutil copy returning “AccessDeniedException: 403 Insufficient Permission” from GCE

Question

I am logged in to a GCE instance via SSH. From there I would like to access the Storage with the help of a Service Account:

GCE> gcloud auth list
Credenti         


        

Answer 1

So I tried a bunch of things trying to copy from GCS bucket to my VM. Hope this post helps someone.

Via SSHed connection:

and following this script:

sudo gsutil cp gs://[BUCKET_NAME]/[OBJECT_NAME] [OBJECT_DESTINATION_IN_LOCAL]

Got this error:

AccessDeniedException: 403 Access Not Configured. Please go to the Google Cloud Platform Console (https://cloud.google.com/console#/project) for your project, select APIs and Auth and enable the Google Cloud Storage JSON API.

What fixed this was following "Activating the API" section mentioned in this link - https://cloud.google.com/storage/docs/json_api/

Once I activated the API then I authenticated myself in SSHed window via

gcloud auth login

Following authentication procedure I was finally able to download from Google Storage Bucket to my VM.

PS

I did make sure to:

1. Make sure that gsutils are installed on my VM instance.

2. Go to my bucket, go to the permissions tab and add desired service accounts and set Storage Admin permission / role.

   3.Make sure my VM had proper Cloud API access scopes:

Answer 2

I have written an answer to this question since I can not post comments:

This error can also occur if you're running the gsutil command with a sudo prefix in some cases.

Answer 3

1. After you have created the bucket, go to the permissions tab and add your email and set Storage Admin permission.

2. Access VM instance via SSH >> run command: gcloud auth login and follow the steps.

Ref: https://groups.google.com/d/msg/gce-discussion/0L6sLRjX8kg/kP47FklzBgAJ