Crea buckets de almacenamiento WORM para proyectos
Organiza tus páginas con colecciones
Guarda y categoriza el contenido según tus preferencias.
En esta página, se muestra cómo crear buckets WORM de almacenamiento aislados de Google Distributed Cloud (GDC).
Antes de comenzar
Un espacio de nombres del proyecto administra los recursos del bucket en el servidor de la API de Management. Debes tener un proyecto para trabajar con buckets y objetos.
También debes tener los permisos de bucket adecuados para realizar la siguiente operación. Consulta Cómo otorgar acceso al bucket.
Crea un bucket WORM
Un bucket WORM garantiza que nada más reemplace los objetos y los retiene durante un período mínimo. El registro de auditoría es un ejemplo de caso de uso para un bucket WORM.
Sigue estos pasos para crear un bucket WORM:
Establece un período de retención cuando crees el bucket. Por ejemplo, el siguiente bucket de ejemplo tiene un período de retención de 365 días.
[[["Fácil de comprender","easyToUnderstand","thumb-up"],["Resolvió mi problema","solvedMyProblem","thumb-up"],["Otro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Información o código de muestra incorrectos","incorrectInformationOrSampleCode","thumb-down"],["Faltan la información o los ejemplos que necesito","missingTheInformationSamplesINeed","thumb-down"],["Problema de traducción","translationIssue","thumb-down"],["Otro","otherDown","thumb-down"]],["Última actualización: 2025-09-04 (UTC)"],[[["\u003cp\u003eThis page provides instructions on creating air-gapped storage WORM buckets within Google Distributed Cloud (GDC).\u003c/p\u003e\n"],["\u003cp\u003eCreating a WORM bucket requires setting a retention period, which dictates the minimum time objects are retained and cannot be overwritten or deleted.\u003c/p\u003e\n"],["\u003cp\u003eYou must have a project namespace to manage bucket resources, as well as appropriate bucket permissions, before creating a WORM bucket.\u003c/p\u003e\n"],["\u003cp\u003eYou can grant read-only access to the bucket by assigning the \u003ccode\u003eproject-bucket-object-viewer\u003c/code\u003e role, while write access can be granted using the \u003ccode\u003eproject-bucket-object-admin\u003c/code\u003e role.\u003c/p\u003e\n"]]],[],null,["# Create storage WORM buckets for projects\n\nThis page shows you how to create Google Distributed Cloud (GDC) air-gapped storage WORM buckets.\n\nBefore you begin\n----------------\n\nA project namespace manages bucket resources in the Management API server. You\nmust have a [project](/distributed-cloud/hosted/docs/latest/gdch/platform/pa-user/project-management) to work with buckets and objects.\n\nYou must also have the appropriate bucket permissions to perform the following\noperation. See [Grant bucket access](/distributed-cloud/hosted/docs/latest/gdch/application/ao-user/grant-obtain-storage-access#grant_bucket_access).\n\nCreate a WORM bucket\n--------------------\n\nA WORM bucket ensures that nothing else overwrites objects and it retains them for\na minimum period of time. Audit logging is an example use case for a WORM bucket.\n| **Note:** If you attempt to overwrite an object in a WORM bucket, you will add a new version of the object. Only after a WORM object's retention period, as dictated by the bucket locking policy, is over can you proceed with object, bucket, and project deletion.\n\nTake the following steps to create a WORM bucket:\n\n1. Set a retention period when creating the bucket. For example, the following\n example bucket has a retention period of 365 days.\n\n apiVersion: object.gdc.goog/v1\n kind: Bucket\n metadata:\n name: foo logging-bucket\n namespace: foo-service\n spec:\n description: \"Audit logs for foo\"\n storageClass: Standard\n bucketPolicy:\n lockingPolicy:\n defaultObjectRetentionDays: 365\n\n2. Grant the `project-bucket-object-viewer` role to all users who need read-only\n access:\n\n apiVersion: rbac.authorization.k8s.io/v1\n kind: RoleBinding\n metadata:\n namespace: foo-service\n name: object-readonly-access\n roleRef:\n kind: Role\n name: project-bucket-object-viewer\n apiGroup: rbac.authorization.k8s.io\n subjects:\n - kind: ServiceAccount\n namespace: foo-service\n name: foo-log-processor\n - kind: User\n name: bob@example.com\n apiGroup: rbac.authorization.k8s.io\n\n3. Grant the `project-bucket-object-admin` role to users who need to write\n content to the bucket:\n\n apiVersion: rbac.authorization.k8s.io/v1\n kind: RoleBinding\n metadata:\n namespace: foo-service\n name: object-write-access\n roleRef:\n kind: Role\n name: project-bucket-object-viewer\n apiGroup: rbac.authorization.k8s.io\n subjects:\n - kind: ServiceAccount\n namespace: foo-service\n name: foo-service-account"]]