En esta página, se muestra cómo crear un proyecto Google Cloud , habilitar la IA de AML, crear credenciales de autenticación y otorgar a tu cuenta uno o más roles de IAM.
Googlers: Esta nota solo es visible para los Googlers.
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
Install the Google Cloud CLI.
-
Si usas un proveedor de identidad externo (IdP), primero debes acceder a gcloud CLI con tu identidad federada.
-
Para inicializar gcloud CLI, ejecuta el siguiente comando:
gcloud init -
Create or select a Google Cloud project.
Roles required to select or create a project
- Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
-
Create a project: To create a project, you need the Project Creator
(
roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.createpermission. Learn how to grant roles.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_IDwith a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_IDwith your Google Cloud project name.
-
Verify that billing is enabled for your Google Cloud project.
-
Enable the required APIs:
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles.gcloud services enable financialservices.googleapis.com
bigquery.googleapis.com cloudkms.googleapis.com -
If you're using a local shell, then create local authentication credentials for your user account:
gcloud auth application-default login
You don't need to do this if you're using Cloud Shell.
If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admingcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
Replace the following:
PROJECT_ID: your project ID.USER_IDENTIFIER: the identifier for your user account—for example,myemail@example.com.ROLE: the IAM role that you grant to your user account.
-
Install the Google Cloud CLI.
-
Si usas un proveedor de identidad externo (IdP), primero debes acceder a gcloud CLI con tu identidad federada.
-
Para inicializar gcloud CLI, ejecuta el siguiente comando:
gcloud init -
Create or select a Google Cloud project.
Roles required to select or create a project
- Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
-
Create a project: To create a project, you need the Project Creator
(
roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.createpermission. Learn how to grant roles.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_IDwith a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_IDwith your Google Cloud project name.
-
Verify that billing is enabled for your Google Cloud project.
-
Enable the required APIs:
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles.gcloud services enable financialservices.googleapis.com
bigquery.googleapis.com cloudkms.googleapis.com -
If you're using a local shell, then create local authentication credentials for your user account:
gcloud auth application-default login
You don't need to do this if you're using Cloud Shell.
If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admingcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
Replace the following:
PROJECT_ID: your project ID.USER_IDENTIFIER: the identifier for your user account—for example,myemail@example.com.ROLE: the IAM role that you grant to your user account.
Permisos necesarios
Se requieren los siguientes permisos para completar la guía de inicio rápido y realizar muchas operaciones vitales en AML AI.
| Permiso | Descripción |
|---|---|
resourcemanager.projects.get | Obtén un Google Cloud proyecto |
resourcemanager.projects.list | List Google Cloud projects |
cloudkms.keyRings.create | Crea un llavero de claves de Cloud KMS |
cloudkms.cryptoKeys.create | Crea una clave de Cloud KMS |
financialservices.v1instances.create | Crea una instancia de la IA contra lavado de dinero |
financialservices.operations.get | Obtén una operación de IA contra lavado de dinero |
cloudkms.cryptoKeys.getIamPolicy | Obtén la política de IAM de una clave de Cloud KMS |
cloudkms.cryptoKeys.setIamPolicy | Establece la política de IAM en una clave de Cloud KMS |
bigquery.datasets.create | Crea un conjunto de datos de BigQuery |
bigquery.datasets.get | Obtén un conjunto de datos de BigQuery |
bigquery.transfers.get | Obtén una transferencia del Servicio de transferencia de datos de BigQuery |
bigquery.transfers.update | Crea o borra una transferencia del Servicio de transferencia de datos de BigQuery |
bigquery.datasets.setIamPolicy | Configura la política de IAM en un conjunto de datos de BigQuery |
bigquery.datasets.update | Actualiza un conjunto de datos de BigQuery |
financialservices.v1datasets.create | Crea un conjunto de datos de IA contra lavado de dinero |
financialservices.v1engineconfigs.create | Crea una configuración del motor de IA contra lavado de dinero |
financialservices.v1models.create | Crea un modelo de IA contra lavado de dinero |
financialservices.v1backtests.create | Crea un resultado de prueba retrospectiva de la IA contra lavado de dinero |
financialservices.v1backtests.exportMetadata | Exporta metadatos desde el resultado de una prueba de simulación retrospectiva de la IA de AML |
financialservices.v1instances.importRegisteredParties | Importa las partes registradas a una instancia de IA de AML |
financialservices.v1predictions.create | Crea un resultado de predicción de la IA contra lavado de dinero |
bigquery.jobs.create | Crea un trabajo de BigQuery |
bigquery.tables.getData | Obtén datos de una tabla de BigQuery |
financialservices.v1predictions.delete | Borra el resultado de una predicción de IA de AML |
financialservices.v1backtests.delete | Cómo borrar el resultado de una prueba retrospectiva de la IA de AML |
financialservices.v1models.delete | Borra un modelo de IA contra lavado de dinero |
financialservices.v1engineconfigs.delete | Borra la configuración de un motor de IA contra lavado de dinero |
financialservices.v1datasets.delete | Borra un conjunto de datos de la IA contra lavado de dinero |
financialservices.v1instances.delete | Borra una instancia de la IA contra lavado de dinero |
bigquery.datasets.delete | Borra un conjunto de datos de BigQuery |