问题
Is it possible for an IoT device on Google Cloud Platform to upload a file to the cloud somehow? In this case it's not exactly a telemetry data publishing. A direct access to the bucket could be useful. Either that or access to my AppEngine-based application, but if I upload it to my app (that will in the next step put the file into a bucket), how can I possibly authenticate the device to make sure that the device that sends it to me is actually the device it claims to be?
回答1:
How big of a file? What's the device?
One of the big advantages of using Cloud IoT Core is that it handles the security piece so you don't have to think about that part. You can send any Base64 encoded data, so sending a file should be fine. The problem is the quota on size. Only 256KB per message, so you might need to break down the file into parts before sending and reassemble on the other side if they're big files.
The other way you could go is use IAM and service accounts as security and have the device speak directly to one of the other services like Cloud Storage. As you say, that does make authentication more difficult on device because it's using a bearer token (service_account.json). The service account can be heavily limited in its authority though (e.g. write-only to a specific Cloud Storage bucket) to limit what it could do if it were compromised.
回答2:
I managed to solve the problem by passing a Signed URL to the device via the configuration. https://cloud.google.com/storage/docs/access-control/signed-urls
来源:https://stackoverflow.com/questions/50774544/how-can-an-iot-device-upload-a-file-to-the-cloud