Skip to main content
  1. CloudM
  2. Migrate
  3. Perform a Migration
  4. Configure your Connections
  5. Connection Setup
  6. Environment Configuration Guides

Configuring Google Cloud Storage as a Destination

Updated

Overview

 

To migrate data to Google Cloud Storage, you must first create a destination "bucket" and grant the CloudM Migrate service account the necessary permissions to write data into it.

This guide covers the required steps:

  1. Create a Storage Bucket: Setting up the new location for your migrated data.
  2. Grant Bucket Permissions: Allowing the CloudM Migrate service account to add objects to the new bucket.
  3. Configure KMS Key Permissions: An optional step for encrypting the new data with a customer-managed encryption key (CMEK).

 

Prerequisites

 

Before you begin, ensure you have the following:

  • A Google Cloud Project with the Storage API enabled.
  • The email address of the Service Account you created specifically for CloudM Migrate.

 

Step 1: Create a Storage Bucket

 

  1. Navigate to the Google Cloud Console.
  2. Using the navigation menu (☰), go to Cloud Storage > Buckets.
  3. Click Create Bucket.
  4. Follow the on-screen instructions to name and configure your bucket (e.g., location, storage class).
    • Important: Make a note of the bucket name, as you will need it for your CloudM Migrate configuration.
  5. Click Create.

 

Step 2: Grant Write Permissions to the Service Account

 

Now that the bucket exists, you must authorize the CloudM Migrate service to write data to it.

  1. From the Storage Browser, locate the bucket you just created.
  2. Click the vertical three-dots menu (⋮) on the right-hand side of your bucket's row and select Edit access.
  3. Click the Add Principal button.
  4. In the New members field, paste the email address of your CloudM Migrate Service Account.
  5. In the Select a role dropdown menu, search for and select the Storage Object Admin role. This role provides the necessary permissions to create and manage objects in the bucket.
  6. Click Save.

 

Step 3: Configure KMS Key Permissions for Encryption (Optional)

 

Complete this step only if you want to encrypt the migrated data using a customer-managed KMS key.

  1. First, identify your project's Cloud Storage Service Account.
    • In the Google Cloud Console, navigate to Cloud Storage > Settings.
    • Under the Cloud Storage Service Account section, copy the Service Account email address.
  2. Next, navigate to the KMS key settings.
    • Using the navigation menu (☰), go to Security > Key Management
  3. Select the Key Ring and then the specific Key you want to use for encryption.
  4. In the right-hand panel, select the Permissions tab. If the panel is not visible, click Show Info Panel.
  5. Click the Add Member button.
  6. In the New members field, paste the Cloud Storage Service Account email address you copied in step 1.
  7. In the Select a role dropdown menu, search for and select the Cloud KMS CryptoKey Encrypter/Decrypter role.
  8. Click Save.

Your Google Cloud Storage bucket is now correctly configured as a migration destination. If using the KMS Key, this can be setup within the destination settings in the batch configuration.

Was this article helpful?
0 out of 0 found this helpful