# Connect a GCS archive bucket

This guide shows you how to configure a Google Cloud Storage (GCS) bucket to archive your Coralogix telemetry data in the **US3 (us-central1)** environment. For AWS environments, see [Connect an S3 archive bucket](https://coralogix.com/docs/user-guides/data-flow/s3-archive/connect-s3-archive/index.md).

Note

GCS archiving is currently available for the **US3** environment only (`us3.coralogix.com`, region: `us-central1`). Contact your Coralogix representative for availability in other environments.

There are two configuration options:

- **[Terraform](#terraform)**
- **[Manual](#manual-setup)**

## What you need

- A GCP project with the Cloud Storage API active.
- Permission to create buckets and manage Identity and Access Management (IAM) policies in your GCP project.

## Terraform

1.

Access the GCS archive module in the [Coralogix Terraform Registry](https://registry.terraform.io/modules/coralogix/google/coralogix/latest/submodules/gcs-archive).

2.

Create the Terraform file with the following variables.

| Variable                  | Description                                                                                           |
| ------------------------- | ----------------------------------------------------------------------------------------------------- |
| gcp_region                | The GCP region for the archive buckets. Must match the region associated with your Coralogix account. |
| coralogix_service_account | The Coralogix archive service account email. Contact your Coralogix representative to obtain this.    |
| logs_bucket_name          | Name for the logs/traces archive bucket (leave empty if not needed).                                  |
| metrics_bucket_name       | Name for the metrics archive bucket (leave empty if not needed).                                      |

**Notes**:

- Bucket names must be globally unique and follow GCP [bucket naming guidelines](https://cloud.google.com/storage/docs/buckets#naming).
- View more configuration options (CMEK, storage class, labels) in the [module documentation](https://registry.terraform.io/modules/coralogix/google/coralogix/latest/submodules/gcs-archive).

```hcl
module "gcs-archive" {
  source = "coralogix/google/coralogix//modules/v2/gcs-archive"

  gcp_region                = "us-central1"
  coralogix_service_account = "coralogix-archive@your-cx-project.iam.gserviceaccount.com"
  logs_bucket_name          = "my-coralogix-logs-archive"
  metrics_bucket_name       = "my-coralogix-metrics-archive"
}
```

3.

[Optional] Add CMEK encryption to the buckets with `logs_kms_key_name` and `metrics_kms_key_name` variables. The module will automatically grant the GCS service agent the required `roles/cloudkms.cryptoKeyEncrypterDecrypter` role on the Cloud KMS key.

4.

Create the archive buckets by saving the file and running the following commands:

```bash
terraform init

terraform apply
```

## Manual setup

### Step 1. Create a bucket

In the [Google Cloud Console](https://console.cloud.google.com/), navigate to **Cloud Storage**, then **Buckets**, and create a bucket with the following settings:

1.

Enter a name for your bucket (for example, `my-company-cx-logs`). Bucket names must be globally unique.

2.

Under **Location type**, select **Region**.

Under **Region**, select **us-central1 (Iowa)**. The bucket region must match your [Coralogix domain](https://coralogix.com/docs/user-guides/account-management/account-settings/coralogix-domain/index.md).

3.

Under **Default storage class**, keep the default: **Standard**.

Warning

Do not use Nearline, Coldline, or Archive storage classes. These incur retrieval fees every time Coralogix queries your archive.

4.

Under **Access control**, leave **Uniform** selected and keep **Enforce public access prevention** enabled.

5.

Click **Create**.

### Step 2. Grant bucket permissions to Coralogix

Coralogix needs **Storage Object Admin** access to write and read archive data. This is a cross-project IAM grant if Coralogix runs in a different GCP project than your bucket — GCP supports this natively.

1.

In the GCP Console, open your bucket and select the **Permissions** tab.

2.

Click **Grant Access**.

3.

In the **New principals** field, enter the Coralogix archive service account for the US3 environment: `coralogix-archive-us3@coralogix-prod-saas-service.iam.gserviceaccount.com`.

4.

Under **Assign roles**, select **Storage Object Admin** (`roles/storage.objectAdmin`).

5.

Click **Save**. The bucket is now ready to use.

### Step 3. Connect the bucket in Coralogix

1.

In Coralogix, select **Data Flow**, then click **Setup Archive**.

2.

Choose from two bucket options: one for logs & traces (CX data) and one for metrics. You **cannot** use the same bucket for both.

Enter the name of your GCS bucket.

3.

Click **Save**. This activates your archive storage. Find out more **[here](https://coralogix.com/docs/user-guides/data-flow/s3-archive/archive-retention-policy/index.md)**.

## How authentication works

Coralogix authenticates with GCS using GKE Workload Identity through the GCS S3-compatible API. The service account `coralogix-archive-us3@coralogix-prod-saas-service.iam.gserviceaccount.com` - no keys or credentials are exchanged. Granting this service account access in Step 2 is everything you need to do.

## Storage costs

Use **Standard** storage class to avoid retrieval fees. If you use a different storage class, GCS charges a retrieval fee each time Coralogix reads archive data.

GCS Class A and Class B API operations are also billed to your GCP project. See [GCS pricing](https://cloud.google.com/storage/pricing) for details.