Set up Gemini Cloud Assist in Cloud Billing

To set up Gemini Cloud Assist in Cloud Billing, perform the steps in this document:

1. Enable the Gemini for Google Cloud API in a Google Cloud project. An administrator typically performs this step.

2. In the Google Cloud project, grant Identity and Access Management (IAM) roles to the same users who access Cloud Billing reports. An administrator typically performs this step.

3. For users who need access to Cloud Billing reports and Gemini Cloud Assist in Cloud Billing, grant IAM roles in the Cloud Billing account that is linked to the project where the Gemini for Google Cloud API is enabled. An administrator typically performs this step.

Enable the Gemini for Google Cloud API in a Google Cloud project

This section describes the steps required to enable the Gemini for Google Cloud API in a Google Cloud project.

After you enable the Gemini for Google Cloud API in the specified Google Cloud project, Gemini Cloud Assist is now available to all users who have the required IAM roles on the specified project.

Grant IAM roles in a Google Cloud project

This section describes the steps to grant the required project permissions to use Gemini Cloud Assist. In the Google Cloud project where you enabled the Gemini for Google Cloud API, grant the following IAM roles to users (principals) on the project:

• Gemini for Google Cloud User
• Service Usage Consumer

All of the users (principals) who have been granted these roles can access Gemini for Google Cloud features in the Google Cloud console within the specified project. If the project users also have access to view Cloud Billing Reports, they can use Gemini Cloud Assist in Cloud Billing Reports to get AI assistance to create cost reports and to summarize key insights from the cost reports. For more information, see Gemini Cloud Assist in Cloud Billing overview.

Advanced IAM setup tasks for projects

Instead of using the Google Cloud console or the gcloud CLI to grant predefined IAM roles on a project, you can do any of the following:

• Use IAM REST APIs or IAM client libraries to grant roles.

  If you use these interfaces, use the fully qualified role names:

  • roles/cloudaicompanion.user
  • roles/serviceusage.serviceUsageConsumer

  For more information about granting roles, see Manage access to projects, folders, and organizations.

• Create and grant custom roles.

  Any custom roles for project permissions that you create need the following permissions to access Gemini for Google Cloud:

  • cloudaicompanion.companions.generateChat
  • cloudaicompanion.companions.generateCode
  • serviceusage.services.use

Grant IAM roles in a Cloud Billing account

For users who need access to Cloud Billing reports, you need to grant permissions on the Cloud Billing account that are adequate to access the Reports page. To use Gemini Cloud Assist in the billing report, grant access to the Cloud Billing account that is linked to the project where the Gemini for Google Cloud API is enabled.

• Required permissions: for detailed guidance about the permissions required to access billing reports, see the Permissions required to access reports section available in the "Analyze billing data and cost trends with Reports" article.

• Grant access: for guidance on how to grant access to a Cloud Billing account, see the Update user permissions for a Cloud Billing account section available in the "Manage access to Cloud Billing accounts" article.

What's next

• Learn more about AI assistance that's available in Gemini Cloud Assist in Cloud Billing.
• Learn more about the different types of generative AI assistance available in Gemini for Google Cloud.
• Learn how Gemini for Google Cloud uses your data.
• Learn more about Google Cloud compliance.