Optimized for: Gemini / ChatGPT / Claude
Advanced AI Prompt for Google Cloud Storage Signed URL Service Account Role
Use this engineered prompt to drastically optimize your workflow and output.
Required Variables
- ✦
[BUCKET_NAME] - ✦
[SERVICE_ACCOUNT_NAME] - ✦
[PROJECT_ID]
advanced-ai-prompt-gcs-signed-url-iam.txt
As a Security Architect, define the minimal IAM roles needed for a service account [SERVICE_ACCOUNT_NAME] to generate GCS Signed URLs for [BUCKET_NAME]. Create a custom role that includes only 'storage.objects.get' and 'storage.objects.list'. Provide the YAML for a project-level IAM member binding and explain why the 'iam.serviceAccounts.signBlob' permission is required on the service account itself.
Example Output
"The AI details the IAM binding for the bucket and the specific permission needed on the service account resource to sign the URL."