Set up a project and permissions

Stay organized with collections Save and categorize content based on your preferences.

This page shows how to create a Google Cloud project, enable AML AI, create authentication credentials, and grant your account one or more IAM roles.

1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
2. Install the Google Cloud CLI.

3. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

4. To initialize the gcloud CLI, run the following command:

   gcloud init

5. Create or select a Google Cloud project.

   • Create a Google Cloud project:

     gcloud projects create PROJECT_ID

     Replace PROJECT_ID with a name for the Google Cloud project you are creating.

   • Select the Google Cloud project that you created:

     gcloud config set project PROJECT_ID

     Replace PROJECT_ID with your Google Cloud project name.

6. Make sure that billing is enabled for your Google Cloud project.

7. Enable the required APIs:

   gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

8. If you're using a local shell, then create local authentication credentials for your user account:

   gcloud auth application-default login

   You don't need to do this if you're using Cloud Shell.

   If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

9. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin

   gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE

   • Replace PROJECT_ID with your project ID.

   • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

   • Replace ROLE with each individual role.
10. Install the Google Cloud CLI.

11. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

12. To initialize the gcloud CLI, run the following command:

    gcloud init

13. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

14. Make sure that billing is enabled for your Google Cloud project.

15. Enable the required APIs:

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

16. If you're using a local shell, then create local authentication credentials for your user account:

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

    If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

17. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin

    gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE

    • Replace PROJECT_ID with your project ID.

    • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

    • Replace ROLE with each individual role.
These roles fulfill the following required permissions:

Required permissions

The following permissions are required to complete the quickstart and are needed to perform many vital operations in AML AI.

Permission	Description
resourcemanager.projects.get	Get a Google Cloud project
resourcemanager.projects.list	List Google Cloud projects
cloudkms.keyRings.create	Create a Cloud KMS key ring
cloudkms.cryptoKeys.create	Create a Cloud KMS key
financialservices.v1instances.create	Create an AML AI instance
financialservices.operations.get	Get an AML AI operation
cloudkms.cryptoKeys.getIamPolicy	Get the IAM policy on a Cloud KMS key
cloudkms.cryptoKeys.setIamPolicy	Set the IAM policy on a Cloud KMS key
bigquery.datasets.create	Create a BigQuery dataset
bigquery.datasets.get	Get a BigQuery dataset
bigquery.transfers.get	Get a BigQuery Data Transfer Service transfer
bigquery.transfers.update	Create or delete a BigQuery Data Transfer Service transfer
bigquery.datasets.setIamPolicy	Set the IAM policy on a BigQuery dataset
bigquery.datasets.update	Update a BigQuery dataset
financialservices.v1datasets.create	Create an AML AI dataset
financialservices.v1engineconfigs.create	Create an AML AI engine config
financialservices.v1models.create	Create an AML AI model
financialservices.v1backtests.create	Create an AML AI backtest result
financialservices.v1backtests.exportMetadata	Export metadata from an AML AI backtest result
financialservices.v1instances.importRegisteredParties	Import registered parties into an AML AI instance
financialservices.v1predictions.create	Create an AML AI prediction result
bigquery.jobs.create	Create a BigQuery job
bigquery.tables.getData	Get data from a BigQuery table
financialservices.v1predictions.delete	Delete an AML AI prediction result
financialservices.v1backtests.delete	Delete an AML AI backtest result
financialservices.v1models.delete	Delete an AML AI model
financialservices.v1engineconfigs.delete	Delete an AML AI engine config
financialservices.v1datasets.delete	Delete an AML AI dataset
financialservices.v1instances.delete	Delete an AML AI instance
bigquery.datasets.delete	Delete a BigQuery dataset