diff --git a/r/storage_bucket.html.markdown b/r/storage_bucket.html.markdown
index a7eea21b..2821e558 100644
--- a/r/storage_bucket.html.markdown
+++ b/r/storage_bucket.html.markdown
@@ -17,9 +17,8 @@ Example creating a private bucket in standard storage, in the EU region.
```
resource "google_storage_bucket" "image-store" {
- name = "image-store-bucket"
- predefined_acl = "projectPrivate"
- location = "EU"
+ name = "image-store-bucket"
+ location = "EU"
website {
main_page_suffix = "index.html"
not_found_page = "404.html"
@@ -33,7 +32,8 @@ resource "google_storage_bucket" "image-store" {
The following arguments are supported:
* `name` - (Required) The name of the bucket.
-* `predefined_acl` - (Optional, Default: 'private') The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply.
+* `predefined_acl` - (Optional, Deprecated) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Please switch
+to `google_storage_bucket_acl.predefined_acl`.
* `location` - (Optional, Default: 'US') The [GCS location](https://cloud.google.com/storage/docs/bucket-locations)
* `force_destroy` - (Optional, Default: false) When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.
diff --git a/r/storage_bucket_acl.html.markdown b/r/storage_bucket_acl.html.markdown
new file mode 100644
index 00000000..b7734b06
--- /dev/null
+++ b/r/storage_bucket_acl.html.markdown
@@ -0,0 +1,36 @@
+---
+layout: "google"
+page_title: "Google: google_storage_bucket_acl"
+sidebar_current: "docs-google-resource-storage-acl"
+description: |-
+ Creates a new bucket ACL in Google Cloud Storage.
+---
+
+# google\_storage\_bucket\_acl
+
+Creates a new bucket ACL in Google cloud storage service(GCS).
+
+## Example Usage
+
+Example creating an ACL on a bucket with one owner, and one reader.
+
+```
+resource "google_storage_bucket" "image-store" {
+ name = "image-store-bucket"
+ location = "EU"
+}
+
+resource "google_storage_bucket_acl" "image-store-acl" {
+ bucket = "${google_storage_bucket.image_store.name}"
+ role_entity = ["OWNER:user-my.email@gmail.com",
+ "READER:group-mygroup"]
+}
+
+```
+
+## Argument Reference
+
+* `bucket` - (Required) The name of the bucket it applies to.
+* `predefined_acl` - (Optional) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if both `role_entity` and `default_acl` are not.
+* `default_acl` - (Optional) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply to future buckets. Must be set both `role_entity` and `predefined_acl` are not.
+* `role_entity` - (Optional) List of role/entity pairs in the form `ROLE:entity`. See [GCS Bucket ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls) for more details. Must be set if both `predefined_acl` and `default_acl` are not.
diff --git a/r/storage_bucket_object.html.markdown b/r/storage_bucket_object.html.markdown
index 76e4b7c5..61b32823 100644
--- a/r/storage_bucket_object.html.markdown
+++ b/r/storage_bucket_object.html.markdown
@@ -20,7 +20,6 @@ resource "google_storage_bucket_object" "picture" {
name = "butterfly01"
source = "/images/nature/garden-tiger-moth.jpg"
bucket = "image-store"
- predefined_acl = "publicRead"
}
```
@@ -32,7 +31,8 @@ The following arguments are supported:
* `name` - (Required) The name of the object.
* `bucket` - (Required) The name of the containing bucket.
* `source` - (Required) A path to the data you want to upload.
-* `predefined_acl` - (Optional, Default: 'projectPrivate') The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) apply.
+* `predefined_acl` - (Optional, Deprecated) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) apply. Please switch
+to `google_storage_object_acl.predefined_acl`.
## Attributes Reference
diff --git a/r/storage_object_acl.html.markdown b/r/storage_object_acl.html.markdown
new file mode 100644
index 00000000..9f04d484
--- /dev/null
+++ b/r/storage_object_acl.html.markdown
@@ -0,0 +1,43 @@
+---
+layout: "google"
+page_title: "Google: google_storage_object_acl"
+sidebar_current: "docs-google-resource-storage-acl"
+description: |-
+ Creates a new object ACL in Google Cloud Storage.
+---
+
+# google\_storage\_object\_acl
+
+Creates a new object ACL in Google cloud storage service (GCS)
+
+## Example Usage
+
+Create an object ACL with one owner and one reader.
+
+```
+resource "google_storage_bucket" "image-store" {
+ name = "image-store-bucket"
+ location = "EU"
+}
+
+resource "google_storage_bucket_object" "image" {
+ name = "image1"
+ bucket = "${google_storage_bucket.name}"
+ source = "image1.jpg"
+}
+
+resource "google_storage_object_acl" "image-store-acl" {
+ bucket = "${google_storage_bucket.image_store.name}"
+ object = "${google_storage_bucket_object.image_store.name}"
+ role_entity = ["OWNER:user-my.email@gmail.com",
+ "READER:group-mygroup"]
+}
+
+```
+
+## Argument Reference
+
+* `bucket` - (Required) The name of the bucket it applies to.
+* `object` - (Required) The name of the object it applies to.
+* `predefined_acl` - (Optional) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if `role_entity` is not.
+* `role_entity` - (Optional) List of role/entity pairs in the form `ROLE:entity`. See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details. Must be set if `predefined_acl` is not.