Deploy to Trusted Cloud by S3NS
This page summarizes general requirements for deploying artifacts to
Trusted Cloud by S3NS runtime environments.
There are two forms of access control to consider:
- IAM permissions
- Identity and Access Management permissions determine the users, service accounts and other
identities that can access
resources. You grant
Artifact Registry permissions
to identities that can access repositories.
- Access scopes
- Access scopes determine the
default OAuth scopes for requests made through the gcloud CLI and client
libraries on a VM instance. As a result, access scopes can further limit
access to API methods when authenticating with
application default credentials.
Trusted Cloud runtime environments are preconfigured with access to
repositories in the same project. You must configure or modify permissions
yourself if:
- You are using a service account in one project to access
Artifact Registry in a different project
- You are using a service account with read-only access to storage, but
you want the service account to both upload and download artifacts
- You are using a custom service account to interact with
Artifact Registry.
For service-specific requirements, refer to the following information:
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-07 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThis page outlines the general requirements for deploying artifacts to Google Cloud runtime environments.\u003c/p\u003e\n"],["\u003cp\u003eAccess to resources is controlled through IAM permissions, determining which identities can access repositories.\u003c/p\u003e\n"],["\u003cp\u003eAccess scopes further limit API method access when authenticating with application default credentials.\u003c/p\u003e\n"],["\u003cp\u003eGoogle Cloud environments have default access to repositories in the same project, requiring manual configuration for cross-project access or service accounts with modified permissions.\u003c/p\u003e\n"],["\u003cp\u003eService-specific deployment requirements can be found for App Engine, Cloud Run, Compute Engine, and Google Kubernetes Engine.\u003c/p\u003e\n"]]],[],null,[]]
