Set up Google Cloud Storage for AODocs

This article is for IT administrators who want to configure their own custom buckets for use when users create Document Management libraries using Google Cloud Storage.

If you’re using Google Cloud Storage as the storage platform for the attachments in your Document Management libraries, you have a choice between using: 

  • One or more AODocs Google Cloud Storage buckets
    One bucket is created for each document class in your library. A bucket is created when you create your library and each time you create a document class.
  • A single custom Google Cloud Storage bucket
    A single bucket that you create and manage stores all the attachments of your library. This bucket must exist already and be correctly configured as outlined in this article.

Learn more: Define where to store the attachments in your library.

This article explains how to configure a single custom bucket for use with AODocs. 


Service agent

You must activate the Google Cloud Storage service agent.

You can do this by requesting the service agent’s name, using this procedure.

Service account permissions

The AODocs service account depends on the AODocs instance you are using.

  • (US instance)
  • (EU instance)

Learn more: What are AODocs instances?

The service account must have the following permissions on the bucket:

  • storage.objects.create
  • storage.objects.get
  • storage.objects.update
  • storage.objects.delete
  • storage.buckets.get

To simplify the setup, you can also give the AODocs service account the following permission on the bucket: storage.buckets.update

Set these permissions in the Google Cloud Platform console.

Cross-origin resource sharing (CORS) configuration

If the service account has the storage.buckets.update permission, the CORS configuration is set automatically. If this is not the case, set the following CORS configuration for the bucket manually.

US instance:

 [
   {
     "origin": [""],
     "method": ["POST", "GET", "PUT"],
     "responseHeader": ["*"],
     "maxAgeSeconds": 3600
   }
 ]

EU instance:

 [
   {
     "origin": [""],
     "method": ["POST", "GET", "PUT"],
     "responseHeader": ["*"],
     "maxAgeSeconds": 3600
   }
 ]

Learn more: Configure cross-origin resource sharing (CORS).

Pub/Sub notifications

If the service account has the storage.buckets.update permission, the Pub/Sub notifications are set automatically. If this is not the case, add the following Pub/Sub notification to the bucket’s configuration:

gcs_to_oss_notification topic, with JSON_API_V1 payload format.

Learn more: Configure Pub/Sub notifications for Cloud Storage.


Deactivate object versioning on the bucket. AODocs uses its own built-in versioning mechanism that doesn’t rely on the storage system.

Retention policy

AODocs doesn’t currently support buckets with a Google Cloud Services retention policy. Learn more in the Google Help Center: Retention policies and retention policy locks.

However, the AODocs Retention Module lets you apply retention policies regardless of the storage platform you're using.


You must set the bucket to use either a:

Note: AODocs doesn't currently support Customer-Supplied Encryption Keys.

Set the encryption in the bucket settings in the Google Cloud Console.



For compliance and safety reasons, we recommend that only the AODocs service account has access to the bucket.

Giving access to other accounts will not prevent the integration from functioning in any way, but if these accounts update or delete files in the bucket, this could lead to issues within AODocs (mainly these attachments no longer being accessible).
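
The following added example (not AODocs code) checks a bucket against the requirements in this article: versioning off, no retention policy, a CORS rule for the AODocs origin, and no principal other than the AODocs service account. It assumes the inputs are the bucket resource and the bucket IAM policy in Cloud Storage JSON API form; the function name, service account and origin values are placeholders chosen for the example.

```python
# Added example: audit a bucket against the requirements listed in this article.
# Inputs follow the Cloud Storage JSON API bucket resource and IAM policy shapes.
REQUIRED_METHODS = {"POST", "GET", "PUT"}

def audit_bucket(bucket, iam_policy, aodocs_sa, aodocs_origin):
    """Return a list of findings; an empty list means the bucket matches the article."""
    findings = []
    if bucket.get("versioning", {}).get("enabled"):
        findings.append("object versioning is enabled")
    if "retentionPolicy" in bucket:
        findings.append("bucket has a retention policy")
    # One CORS rule must cover the AODocs origin, the three methods and all headers.
    cors_ok = any(
        aodocs_origin in rule.get("origin", [])
        and REQUIRED_METHODS <= set(rule.get("method", []))
        and "*" in rule.get("responseHeader", [])
        for rule in bucket.get("cors", [])
    )
    if not cors_ok:
        findings.append("no CORS rule for the AODocs origin with POST, GET, PUT")
    # The article recommends that only the AODocs service account has access.
    expected = "serviceAccount:" + aodocs_sa
    for binding in iam_policy.get("bindings", []):
        for member in binding.get("members", []):
            if member != expected:
                findings.append(f"extra principal {member} has {binding['role']}")
    return findings

# Constructed sample data; the service account, origin and roles are placeholders.
SA = "aodocs-sa@example.invalid"
ORIGIN = "https://aodocs-origin.example.invalid"
GOOD_BUCKET = {
    "name": "mybucket",
    "versioning": {"enabled": False},
    "cors": [{"origin": [ORIGIN], "method": ["POST", "GET", "PUT"],
              "responseHeader": ["*"], "maxAgeSeconds": 3600}],
}
GOOD_POLICY = {"bindings": [{"role": "projects/example/roles/aodocsBucket",
                             "members": ["serviceAccount:" + SA]}]}
BAD_BUCKET = dict(GOOD_BUCKET, versioning={"enabled": True},
                  retentionPolicy={"retentionPeriod": "86400"}, cors=[])
BAD_POLICY = {"bindings": GOOD_POLICY["bindings"] + [
    {"role": "roles/storage.objectAdmin", "members": ["user:alice@example.invalid"]}]}

if __name__ == "__main__":
    for finding in audit_bucket(BAD_BUCKET, BAD_POLICY, SA, ORIGIN):
        print("FINDING:", finding)
```

Roles granted at the project level are not listed in the bucket's own IAM policy, so review the project policy separately for accounts that inherit access to the bucket.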

Use the custom bucket URI

You must enter the bucket's URI when you create a Document Management library in AODocs.

You can find the bucket's URI in the Google Cloud Console. The format is gs://mybucket.

