Fix GCP Cloud Storage Pub/Sub Notification Errors
When working with GCP Cloud Storage, you may encounter a configuration error that prevents your deployment from working. This guide explains the most common mistake with Pub/Sub notifications and shows the exact fix.
A Common Mistake
The mistake is creating a Pub/Sub notification on a bucket that targets a topic in a different project without granting publish permissions on that topic, which causes notifications to be silently dropped.
The incorrect command:
gsutil notification create -t my-topic -f json gs://my-bucket
Output (no error is reported):
Created notification config for gs://my-bucket.
But when objects are uploaded, no messages appear in the topic. The bucket's service agent does not have permission to publish to the topic because the topic is in a different project. GCS silently drops notifications it cannot deliver.
The Correct Approach
The right way to configure Pub/Sub notifications in GCP Cloud Storage is to grant the bucket's service agent the publisher role on the topic, then create the notification with the topic's full path:
gcloud pubsub topics add-iam-policy-binding my-topic --project=topic-project --member=serviceAccount:service-1234567890@gs-project-accounts.iam.gserviceaccount.com --role=roles/pubsub.publisher && gsutil notification create -t projects/topic-project/topics/my-topic -f json gs://my-bucket
Successful result:
Created notification config for gs://my-bucket.
Now every object creation/deletion/archive event in the bucket generates a Pub/Sub message. The storage service account has the pubsub.publisher role on the topic.
How to Prevent This
The GCS service account format is: service-{PROJECT_NUMBER}@gs-project-accounts.iam.gserviceaccount.com, where PROJECT_NUMBER is the number of the project that owns the bucket. Grant it roles/pubsub.publisher on the topic. Use --object-prefix to filter notifications. Use -f json for structured events. Monitor notification delivery with gcloud pubsub subscriptions pull on a test subscription. Notification events include object ID, size, content type, and event type.
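Because the misconfiguration produces no error, a pre-flight check of the topic's IAM policy is the quickest way to catch it. The script below is an added example, not part of the original guide: it reads the JSON printed by gcloud pubsub topics get-iam-policy my-topic --project=topic-project --format=json and reports whether the bucket's service agent can publish, and whether a publish role is broader than needed. The function name, the sample policies and the worker account are constructed for illustration.

```python
import json

# Roles that contain the pubsub.topics.publish permission.
PUBLISH_ROLES = {"roles/pubsub.publisher", "roles/pubsub.editor", "roles/pubsub.admin"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def audit_topic_policy(policy_json, service_agent_email):
    """Return (can_publish, findings) for a topic-level IAM policy.

    Only the topic's own policy is read; a grant inherited from the
    project or organization does not appear in this JSON.
    """
    agent = "serviceAccount:" + service_agent_email
    can_publish = False
    findings = []
    for binding in json.loads(policy_json).get("bindings", []):
        role = binding.get("role")
        if role not in PUBLISH_ROLES:
            continue
        members = binding.get("members", [])
        if agent in members:
            can_publish = True
            if role != "roles/pubsub.publisher":
                findings.append(f"service agent holds {role}; roles/pubsub.publisher is enough")
        for public in sorted(PUBLIC_MEMBERS.intersection(members)):
            findings.append(f"{public} holds {role}; forged events can reach subscribers")
    if not can_publish:
        findings.append("service agent cannot publish; notifications will be dropped silently")
    return can_publish, findings


# Constructed sample data; the project number is the placeholder used on this page.
AGENT = "service-1234567890@gs-project-accounts.iam.gserviceaccount.com"
MISSING_GRANT = json.dumps({"bindings": [
    {"role": "roles/pubsub.subscriber",
     "members": ["serviceAccount:worker@topic-project.iam.gserviceaccount.com"]},
]})
BROAD_GRANT = json.dumps({"bindings": [
    {"role": "roles/pubsub.admin", "members": ["serviceAccount:" + AGENT]},
    {"role": "roles/pubsub.publisher", "members": ["allUsers"]},
]})
CORRECT_GRANT = json.dumps({"bindings": [
    {"role": "roles/pubsub.publisher", "members": ["serviceAccount:" + AGENT]},
]})

if __name__ == "__main__":
    for name, policy in [("missing", MISSING_GRANT), ("broad", BROAD_GRANT), ("correct", CORRECT_GRANT)]:
        print(name, audit_topic_policy(policy, AGENT))
```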
Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro. Secure your cloud with DodaTech.