diff --git a/docs/sources/installation/configuration.md b/docs/sources/installation/configuration.md
index bafea2e1164..e931224cac3 100644
--- a/docs/sources/installation/configuration.md
+++ b/docs/sources/installation/configuration.md
@@ -683,6 +683,8 @@ basic auth password
 Path to JSON key file associated with a Google service account to authenticate and authorize.
 Service Account keys can be created and downloaded from https://console.developers.google.com/permissions/serviceaccounts.
 
+Service Account should have "Storage Object Writer" role.
+
 ### bucket name
 Bucket Name on Google Cloud Storage. 
 
diff --git a/pkg/components/imguploader/gcpuploader.go b/pkg/components/imguploader/gcsuploader.go
similarity index 97%
rename from pkg/components/imguploader/gcpuploader.go
rename to pkg/components/imguploader/gcsuploader.go
index 892dadbf2ad..7194c0828bf 100644
--- a/pkg/components/imguploader/gcpuploader.go
+++ b/pkg/components/imguploader/gcsuploader.go
@@ -39,7 +39,7 @@ func (u *GCSUploader) Upload(imageDiskPath string) (string, error) {
 
 	log.Debug("Creating JWT conf")
 
-	conf, err := google.JWTConfigFromJSON(data, "https://www.googleapis.com/auth/devstorage.full_control")
+	conf, err := google.JWTConfigFromJSON(data, "https://www.googleapis.com/auth/devstorage.read_write")
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/components/imguploader/gcpuploader_test.go b/pkg/components/imguploader/gcsuploader_test.go
similarity index 100%
rename from pkg/components/imguploader/gcpuploader_test.go
rename to pkg/components/imguploader/gcsuploader_test.go