As I was facing this again trying to create amp pages for my main site
www.tekartik.com, here is a concrete example for my changes
Adding the proper DNS redirection in my domain provider (OVH in my case)
www.tekartik.com. CNAME c.storage.googleapis.com.
This was first giving the error:
<Error>
<Code>AccessDenied</Code>
<Message>Access denied.</Message>
<Details>Anonymous callers do not have storage.objects.list access to bucket www.tekartik.com.</Details>
</Error>
the solution was to configure my bucket as a
website configuration:
gsutil web set -m index.html -e 404.html gs://www.tekartik.com
And to make all files I add public by default and not worry about ACL anymore, I can use
gsutil defacl ch -u AllUsers:R gs://www.tekartik.com
To make previous imported files public, I can use
gsutil -m acl -r set public-read gs://www.tekartik.com