I was able to expose my Google Cloud Storage public bucket via Cloudflare DNS (proxy). I am still a bit concerned about my bucket being exposed to the public, since one can still reach my assets directly, bypassing the Cloudflare CDN and increasing data egress costs. I am wondering if there is a way to set up a connection between GCS and CF with some authentication, so the GCS bucket is not publicly available but still reachable via the domain set up on CF.

Is something like that possible with Cloudflare?

I’ve personally set up a Cloudflare Worker in the past that fetches the GCS bucket using API keys so it can remain private.

Connecting to Google Storage looks to be a good guide on it since I threw away the code haha.

Thanks @KianNH, but I am asking about DNS setup and not Cloudflare Worker.

Any authentication will happen over HTTP and that is completely separate to DNS - so to answer the question of if you can introduce authentication with DNS, no.

Even if you were to use Transform Rules to add the appropriate Authorization header into requests, you would need to be refreshing your OAuth token constantly, which you might as well do in a Worker at that point anyways.


Hi @KianNH
Actually, I now understand your idea with the Worker resolving the Authorization header. Thank you. Do you maybe know if the Worker will be spawned in the case of serving a response from the CDN cache?
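The Worker approach discussed in this thread, as an added example that is not code from any of the posters: it exchanges a service-account key for a short-lived OAuth token, reuses that token until shortly before expiry, and fetches the object from a bucket that is no longer public. The binding names `GCS_BUCKET`, `SA_EMAIL` and `SA_PRIVATE_KEY` are assumptions, as is the choice of a service account with read-only access to that one bucket.

```javascript
// Added example. Assumed Worker bindings (hypothetical names): env.GCS_BUCKET,
// env.SA_EMAIL, env.SA_PRIVATE_KEY (PKCS#8 PEM key of a read-only service account).
const TOKEN_URL = "https://oauth2.googleapis.com/token";
const SCOPE = "https://www.googleapis.com/auth/devstorage.read_only";
let cached = { token: null, exp: 0 }; // per-isolate cache, lost when the isolate is recycled
const b64url = (s) => btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// JWT claims for the service-account flow; Google caps the lifetime at one hour.
function buildClaims(email, nowSec) {
  return { iss: email, scope: SCOPE, aud: TOKEN_URL, iat: nowSec, exp: nowSec + 3600 };
}
// Refresh 60 s early so a token never expires in the middle of a request.
function needsRefresh(cache, nowSec) {
  return !cache.token || nowSec >= cache.exp - 60;
}
// Map the request path to an object URL inside the one configured bucket.
function objectUrl(bucket, pathname) {
  try {
    const segs = pathname.split("/").filter(Boolean).map(decodeURIComponent);
    if (!segs.length || segs.some((s) => s === "." || s === "..")) return null;
    return `https://storage.googleapis.com/${bucket}/${segs.map(encodeURIComponent).join("/")}`;
  } catch { return null; } // malformed percent-encoding
}
async function signJwt(claims, pem) {
  const der = Uint8Array.from(atob(pem.replace(/-----[^-]+-----|\s/g, "")), (c) => c.charCodeAt(0));
  const key = await crypto.subtle.importKey("pkcs8", der,
    { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, false, ["sign"]);
  const input = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  const sig = await crypto.subtle.sign("RSASSA-PKCS1-v1_5", key, new TextEncoder().encode(input));
  return `${input}.${b64url(String.fromCharCode(...new Uint8Array(sig)))}`;
}
async function accessToken(env, nowSec) {
  if (!needsRefresh(cached, nowSec)) return cached.token;
  const assertion = await signJwt(buildClaims(env.SA_EMAIL, nowSec), env.SA_PRIVATE_KEY);
  const res = await fetch(TOKEN_URL, { method: "POST", body: new URLSearchParams({
    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer", assertion }) });
  if (!res.ok) throw new Error(`token exchange failed: ${res.status}`);
  const { access_token, expires_in } = await res.json();
  cached = { token: access_token, exp: nowSec + expires_in };
  return access_token;
}
const worker = { // in a Worker module this object is the default export
  async fetch(request, env) {
    const url = objectUrl(env.GCS_BUCKET, new URL(request.url).pathname);
    if (!url || request.method !== "GET") return new Response("Not found", { status: 404 });
    const token = await accessToken(env, Math.floor(Date.now() / 1000));
    return fetch(url, { headers: { Authorization: `Bearer ${token}` } });
  },
};
```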

