# Cloud Storage {% stepper %} {% step %} #### Grant Teleskope Access to CloudStorage Attach the following roles to the Teleskope service account you created: * roles/storage.objectViewer * roles/pubsub.subscriber * roles/pubsub.viewer * roles/storage.bucketViewer * roles/storage.legacyBucketOwner {% endstep %} {% step %} #### Create a PubSub Topic: In order for Teleskope to capture new objects without causing a full scan each time, you will need to create a PubSub topic and subscriber. **Terraform** | Variable | Description | Example | | ----------- | ------------------------------ | -------------- | | project\_id | (Required) Your GCP Project ID | "my-project-id | ``` resource "google_project_iam_member" "teleskope" { for_each = toset([ "roles/storage.objectViewer", "roles/pubsub.subscriber", "roles/pubsub.viewer", "roles/storage.bucketViewer", "roles/storage.legacyBucketOwner" ]) project = "project_id" role = each.key member = "serviceAccount:${google_service_account.teleskope.email}" } resource "google_pubsub_topic" "pubsub_teleskope" { project = "project_id" name = "teleskope" } resource "google_pubsub_subscription" "pubsub_teleskope" { name = "teleskope" project = "project_id" topic = "${google_pubsub_topic.pubsub_teleskope.name}" } ``` For each bucket, please set up cloud storage notifications to the topic created above. ``` data "google_storage_project_service_account" "gcs_account" { } resource "google_storage_notification" "notification" { bucket = "bucket_name" payload_format = "JSON_API_V1" topic = "${google_pubsub_topic.pubsub_teleskope.name}" event_types = ["OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE"] depends_on = [google_pubsub_topic_iam_binding.binding] } resource "google_pubsub_topic_iam_member" "pubsub_member" { member = "serviceAccount:${data.google_storage_project_service_account.gcs_service_account.email_address}" role = "roles/pubsub.publisher" topic = google_pubsub_topic.pubsub_teleskope.id } ``` {% endstep %} {% endstepper %}