Your first FTP/sftp to GCS service

This article explains how to create a new DocEvent Simple FTP Service which allows you to access your GCS bucket using FTP or sftp clients.

There are 2 main sections in the article

1. Create the keys and bucket in GCS
2. Create the Simple FTP Service in DocEvent

Create the keys and bucket in GCS

Login to your Google Cloud Platform, then you will need to create a Service Account, you can do this by selecting service accounts from the left panel:

Then choose to create a new service account:

Enter the service account name you wish to use, save this for later, in this example we will use my-test-account, then click Create and continue:

Provide the Storage Admin role to this service account, you can find it by entering Storage Admin in the filter section:

Once you add the Storage Admin role, click Done:
Note - You can optionally add IAM Conditions on access here if you require

At this point your Service Account has been created, you will now need to generate an API key to download as a JSON file in order to import into the DocEvent configuration page.  To do this click on the actions button and select manage keys:

You will need to select the option to add key then create new key:

Select the JSON export when creating the private key and click create:

Next you can create a new bucket, this is done from the main Cloud Storage page in GCP and selecting buckets:

Select Create bucket:

Give your bucket a name - don't forget the name of your bucket, you'll need this later:

Next you'll have to add permissions to the bucket, to allow the service account (that was created at the beginning of the tutorial to have the correct permissions), which is the Storage Bucket Legacy Owner.  To do this select the Permissions tab:

You will notice that your service account is already listed as having some permissions in the bucket (see my-test-account) below.  You'll need to grant some new permissions to this account, so click Grant Access:

Enter the service account in the New principles section, you will need to click and find the principle after you start typing it, then select the Storage Legacy Bucket Owner role for this principle.

Once you've completed this step and clicked Done at the end, you're ready for the next step.  Adding the configuration into DocEvent.

Create the Simple FTP Service in DocEvent

From the previous step, you should have:

1. The name of the bucket you created
2. The JSON file downloaded onto your computer of the service account API key

Go to the DocEvent management page, and create a new Simple FTP Service for your GCS bucket.

Enter the bucket name, click to upload the service account key (using the JSON file you created above), then click Verify access

Access verification should work!  You're ready to go, in the final steps just enter the appropriate information you need for your service:

• Service name - A short name for the service that you can remember it by
• Description - General description of what it is for
• Username - the first username for the service for a user to login via sftp or FTP
• Password - the password for the first user
• You can leave the others as the default for now

And that's it you're ready to connect your GCS bucket to FTP and sftp!