Setting up storage bucket resources for Google Cloud Platform

vRealize Automation supports Google Cloud Platform (GCP) storage buckets allowing users to quickly and easily create and manage their storage resources. vRealize Automation storage bucket support includes the creation of multi-regional/dual-regional storage buckets, restricted public access, and encryption.

You create storage buckets using Cloud Assembly cloud templates and you deploy these cloud templates in the typical manner using the Cloud Assembly Design tab functionality. After you deploy a cloud template you can check the GCP portal to confirm that the storage bucket was provisioned sucessfully.

The following are required properties for storage bucket cloud templates.

Storage bucket name - There are some limitations on the storage bucket name construction. See the following page for detailed information: https://cloud.google.com/storage/docs/buckets
locationType - one of {SINGLE_REGION, DUAL_REGION, MULTI_REGION"} If the locationType is either DUAL_REGION or MULTI_REGION - regionID property is also MANDATORY There are different values of the regionId, depending on the locationType, more details: https://cloud.google.com/storage/docs/locations
storageClass - one of {STANDARD, NEARLINE, COLDLINE, ARCHIVE, REGIONAL, MULTI_REGIONAL, DURABLE_REDUCED_AVAILABILITY}

If you want to create storage buckets with restricted public access and that are encrypted by CMEK, there are some prerequisites as described in the following link: https://cloud.google.com/storage/docs/encryption/using-customer-managed-keys

Note: The customer-managed encryption key must be located in the same region as the storage bucket.

Storage bucket cloud template examples

The following cloud template examples demonstrate some typical approaches to creating storage buckets using Cloud Assembly cloud templates.

The following cloud template example shows how you might create a simple single region storage bucket.

formatVersion: 1
inputs: {}
resources:
  Cloud_GCP_StorageBucket_1:
    type: Cloud.GCP.StorageBucket
    properties:
      name: simple-storage-bucket
      locationType: SINGLE_REGION
      storageClass: STANDARD

The following cloud template example demonstrates restricted public access using an encryption key.

formatVersion: 1
inputs: {}
resources:
  Cloud_GCP_StorageBucket_1:
    type: Cloud.GCP.StorageBucket
    properties:
      name: encrypted-storage-bucket
      storageClass: STANDARD
      locationType: SINGLE_REGION
      kmsKey:
        kmsProjectId: gcp
        keyRingRegion: asia-east1
        keyRing: asia-key
        keyName: asia-east-key

The following cloud template example demonstrates how you might create a multi-region storage bucket.

formatVersion: 1
inputs: {}
resources:
  Cloud_GCP_StorageBucket_1:
    type: Cloud.GCP.StorageBucket
    properties:
      name: multi-regional-sb
      locationType: MULTI_REGION
      storageClass: STANDARD
      regionId: EU

The following cloud temnplate shows an example of dual-regional storage bucket implementation.

formatVersion: 1
inputs: {}
resources:
 Cloud_GCP_StorageBucket_1:
    type: Cloud.GCP.StorageBucket
 properties:
  name: dual-regional-sb
  storageClass: NEARLINE
  locationType: DUAL_REGION
  regionId: ASIA
  locations:
   - ASIA-EAST1
   - ASIA-SOUTHEAST1