I have a Google Storage bucket that I want to make accessible (anonymous, read-only) to a specific set of internet IPs (whitelist).
I can expose the bucket with a load balancer, but I have not been able to find a way to apply any firewall/IP rules to it.
A Cloud Armor policy can only be applied to backend services, not backend buckets.
And the GCP firewall rules only apply to virtual instances.
There isn't any option to do this specific ask as of yet. GCS buckets are mainly controlled through ACLs. However, with Cloud Armor in Beta, this would be a perfect time for a feature request to include backend buckets as targets.