Halaman ini menunjukkan cara membuat Google Cloud project, mengaktifkan AML AI, membuat kredensial autentikasi, dan memberikan satu atau beberapa peran IAM kepada akun Anda.
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
Install the Google Cloud CLI.
-
Jika Anda menggunakan penyedia identitas (IdP) eksternal, Anda harus login ke gcloud CLI dengan identitas gabungan Anda terlebih dahulu.
-
Untuk melakukan inisialisasi gcloud CLI, jalankan perintah berikut:
gcloud init
-
Create or select a Google Cloud project.
Roles required to select or create a project
- Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
-
Create a project: To create a project, you need the Project Creator
(
roles/resourcemanager.projectCreator
), which contains theresourcemanager.projects.create
permission. Learn how to grant roles.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_ID
with a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_ID
with your Google Cloud project name.
-
Verify that billing is enabled for your Google Cloud project.
-
Enable the required APIs:
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin
), which contains theserviceusage.services.enable
permission. Learn how to grant roles.gcloud services enable financialservices.googleapis.com
bigquery.googleapis.com cloudkms.googleapis.com -
If you're using a local shell, then create local authentication credentials for your user account:
gcloud auth application-default login
You don't need to do this if you're using Cloud Shell.
If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin
gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
Replace the following:
PROJECT_ID
: your project ID.USER_IDENTIFIER
: the identifier for your user account—for example,myemail@example.com
.ROLE
: the IAM role that you grant to your user account.
-
Install the Google Cloud CLI.
-
Jika Anda menggunakan penyedia identitas (IdP) eksternal, Anda harus login ke gcloud CLI dengan identitas gabungan Anda terlebih dahulu.
-
Untuk melakukan inisialisasi gcloud CLI, jalankan perintah berikut:
gcloud init
-
Create or select a Google Cloud project.
Roles required to select or create a project
- Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
-
Create a project: To create a project, you need the Project Creator
(
roles/resourcemanager.projectCreator
), which contains theresourcemanager.projects.create
permission. Learn how to grant roles.
-
Create a Google Cloud project:
gcloud projects create PROJECT_ID
Replace
PROJECT_ID
with a name for the Google Cloud project you are creating. -
Select the Google Cloud project that you created:
gcloud config set project PROJECT_ID
Replace
PROJECT_ID
with your Google Cloud project name.
-
Verify that billing is enabled for your Google Cloud project.
-
Enable the required APIs:
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin
), which contains theserviceusage.services.enable
permission. Learn how to grant roles.gcloud services enable financialservices.googleapis.com
bigquery.googleapis.com cloudkms.googleapis.com -
If you're using a local shell, then create local authentication credentials for your user account:
gcloud auth application-default login
You don't need to do this if you're using Cloud Shell.
If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.
-
Grant roles to your user account. Run the following command once for each of the following IAM roles:
roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin
gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
Replace the following:
PROJECT_ID
: your project ID.USER_IDENTIFIER
: the identifier for your user account—for example,myemail@example.com
.ROLE
: the IAM role that you grant to your user account.
Izin yang diperlukan
Izin berikut diperlukan untuk menyelesaikan mulai cepat dan diperlukan untuk melakukan banyak operasi penting di AML AI.
Izin | Deskripsi |
---|---|
resourcemanager.projects.get | Mendapatkan project Google Cloud |
resourcemanager.projects.list | List Google Cloud projects |
cloudkms.keyRings.create | Buat key ring Cloud KMS |
cloudkms.cryptoKeys.create | Membuat kunci Cloud KMS |
financialservices.v1instances.create | Membuat instance AML AI |
financialservices.operations.get | Mendapatkan operasi AML AI |
cloudkms.cryptoKeys.getIamPolicy | Mendapatkan kebijakan IAM pada kunci Cloud KMS |
cloudkms.cryptoKeys.setIamPolicy | Menetapkan kebijakan IAM pada kunci Cloud KMS |
bigquery.datasets.create | Membuat set data BigQuery |
bigquery.datasets.get | Mendapatkan set data BigQuery |
bigquery.transfers.get | Mendapatkan transfer BigQuery Data Transfer Service |
bigquery.transfers.update | Membuat atau menghapus transfer BigQuery Data Transfer Service |
bigquery.datasets.setIamPolicy | Menetapkan kebijakan IAM pada set data BigQuery |
bigquery.datasets.update | Memperbarui set data BigQuery |
financialservices.v1datasets.create | Membuat set data AML AI |
financialservices.v1engineconfigs.create | Membuat konfigurasi mesin AML AI |
financialservices.v1models.create | Membuat model AML AI |
financialservices.v1backtests.create | Membuat hasil backtest AML AI |
financialservices.v1backtests.exportMetadata | Mengekspor metadata dari hasil uji coba AI AML |
financialservices.v1instances.importRegisteredParties | Mengimpor pihak terdaftar ke instance AML AI |
financialservices.v1predictions.create | Membuat hasil prediksi AML AI |
bigquery.jobs.create | Membuat tugas BigQuery |
bigquery.tables.getData | Mendapatkan data dari tabel BigQuery |
financialservices.v1predictions.delete | Menghapus hasil prediksi AI AML |
financialservices.v1backtests.delete | Menghapus hasil uji ulang AML AI |
financialservices.v1models.delete | Menghapus model AML AI |
financialservices.v1engineconfigs.delete | Menghapus konfigurasi mesin AML AI |
financialservices.v1datasets.delete | Menghapus set data AML AI |
financialservices.v1instances.delete | Menghapus instance AML AI |
bigquery.datasets.delete | Menghapus set data BigQuery |