Menyiapkan project dan izin

Tetap teratur dengan koleksi Simpan dan kategorikan konten berdasarkan preferensi Anda.

Halaman ini menunjukkan cara membuat project Google Cloud, mengaktifkan AI AML, membuat kredensial autentikasi, dan memberikan satu atau beberapa peran IAM ke akun Anda.

1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
2. Install the Google Cloud CLI.

3. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

4. To initialize the gcloud CLI, run the following command:

   gcloud init

5. Create or select a Google Cloud project.

   • Create a Google Cloud project:

     gcloud projects create PROJECT_ID

     Replace PROJECT_ID with a name for the Google Cloud project you are creating.

   • Select the Google Cloud project that you created:

     gcloud config set project PROJECT_ID

     Replace PROJECT_ID with your Google Cloud project name.

6. Make sure that billing is enabled for your Google Cloud project.

7. Enable the required APIs:

   gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

8. If you're using a local shell, then create local authentication credentials for your user account:

   gcloud auth application-default login

   You don't need to do this if you're using Cloud Shell.

   If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

9. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin

   gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE

   • Replace PROJECT_ID with your project ID.

   • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

   • Replace ROLE with each individual role.
10. Install the Google Cloud CLI.

11. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

12. To initialize the gcloud CLI, run the following command:

    gcloud init

13. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

14. Make sure that billing is enabled for your Google Cloud project.

15. Enable the required APIs:

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

16. If you're using a local shell, then create local authentication credentials for your user account:

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

    If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

17. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin

    gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE

    • Replace PROJECT_ID with your project ID.

    • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

    • Replace ROLE with each individual role.
Peran ini memenuhi izin yang diperlukan berikut:

Izin yang diperlukan

Izin berikut diperlukan untuk menyelesaikan panduan memulai dan diperlukan untuk melakukan banyak operasi penting di AML AI.

Izin	Deskripsi
resourcemanager.projects.get	Mendapatkan project Google Cloud
resourcemanager.projects.list	Mencantumkan project Google Cloud
cloudkms.keyRings.create	Membuat key ring Cloud KMS
cloudkms.cryptoKeys.create	Membuat kunci Cloud KMS
financialservices.v1instances.create	Membuat instance AML AI
financialservices.operations.get	Mendapatkan operasi AML AI
cloudkms.cryptoKeys.getIamPolicy	Mendapatkan kebijakan IAM pada kunci Cloud KMS
cloudkms.cryptoKeys.setIamPolicy	Menetapkan kebijakan IAM pada kunci Cloud KMS
bigquery.datasets.create	Membuat set data BigQuery
bigquery.datasets.get	Mendapatkan set data BigQuery
bigquery.transfers.get	Mendapatkan transfer BigQuery Data Transfer Service
bigquery.transfers.update	Membuat atau menghapus transfer BigQuery Data Transfer Service
bigquery.datasets.setIamPolicy	Menetapkan kebijakan IAM pada set data BigQuery
bigquery.datasets.update	Memperbarui set data BigQuery
financialservices.v1datasets.create	Membuat set data AML AI
financialservices.v1engineconfigs.create	Membuat konfigurasi mesin AML AI
financialservices.v1models.create	Membuat model AML AI
financialservices.v1backtests.create	Membuat hasil backtest AML AI
financialservices.v1backtests.exportMetadata	Mengekspor metadata dari hasil uji balik AI AML
financialservices.v1instances.importRegisteredParties	Mengimpor pihak terdaftar ke instance AML AI
financialservices.v1predictions.create	Membuat hasil prediksi AML AI
bigquery.jobs.create	Membuat tugas BigQuery
bigquery.tables.getData	Mendapatkan data dari tabel BigQuery
financialservices.v1predictions.delete	Menghapus hasil prediksi AI AML
financialservices.v1backtests.delete	Menghapus hasil uji balik AML AI
financialservices.v1models.delete	Menghapus model AML AI
financialservices.v1engineconfigs.delete	Menghapus konfigurasi mesin AML AI
financialservices.v1datasets.delete	Menghapus set data AML AI
financialservices.v1instances.delete	Menghapus instance AML AI
bigquery.datasets.delete	Menghapus set data BigQuery