Google Certified Associate Cloud Engineer 2020

Sign Up Free or Log In to participate!

** SPOILER ** Please review my work

So this is the script I used in Cloud Shell. I know it opened all the permissions in the bucket, but other than that, what do you think, how to improve it?

gsutil mb -l us-central1 gs://thebucket

gsutil acl ch -g all:W gs://thebucket

gcloud compute instances create mychallengescriptvm2 –machine-type=f1-micro –metadata=lab-logs-bucket=gs://thebucket,startup-script-url= –zone=us-central1-a –scopes=storage-full

roy zanbel

I would say you can follow the "least privileged" concept and only allow bucket permissions to the service account instead of giving the allUsers groups a write permission which seems too permissive. And if you want to squeeze it all into a single line you can use the && opertor

1 Answers

All-in-all, if it worked and did all the critical things it needed to do, that’s the most important thing (except for what you’ve already identified with your bucket permissions)

One thing you could do is use variables to make the bucket name easier to work with


gsutil mb -l us-central1 gs://${bucketname}
gsutil acl ch -g all:W gs://${bucketname}
gcloud compute instances create vmname --machine-type=f1-micro --metadata=lab-logs-bucket=gs://${bucketname} 

I haven’t tested if that exact syntax would work, but if you’re curious, it could be worth having a read about bash scripting and see what you think

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?