프로젝트 및 권한 설정

이 페이지에서는 Google Cloud 프로젝트를 만들고, AML AI를 사용 설정하고, 사용자 인증 정보를 만들어 계정에 하나 이상의 IAM 역할을 부여하는 방법을 보여줍니다.

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. Install the Google Cloud CLI.

  3. 외부 ID 공급업체(IdP)를 사용하는 경우 먼저 제휴 ID로 gcloud CLI에 로그인해야 합니다.

  4. gcloud CLI를 초기화하려면, 다음 명령어를 실행합니다. 

    gcloud init

  5. Create or select a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  6. Verify that billing is enabled for your Google Cloud project.

  7. Enable the required APIs:

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles. 

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

  8. If you're using a local shell, then create local authentication credentials for your user account: 

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

    If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

  9. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin 

    gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE

    Replace the following:

    • PROJECT_ID: your project ID.
    • USER_IDENTIFIER: the identifier for your user account—for example, myemail@example.com.
    • ROLE: the IAM role that you grant to your user account.

  10. Install the Google Cloud CLI.

  11. 외부 ID 공급업체(IdP)를 사용하는 경우 먼저 제휴 ID로 gcloud CLI에 로그인해야 합니다.

  12. gcloud CLI를 초기화하려면, 다음 명령어를 실행합니다. 

    gcloud init

  13. Create or select a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  14. Verify that billing is enabled for your Google Cloud project.

  15. Enable the required APIs:

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles. 

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

  16. If you're using a local shell, then create local authentication credentials for your user account: 

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

    If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

  17. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin 

    gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE

    Replace the following:

    • PROJECT_ID: your project ID.
    • USER_IDENTIFIER: the identifier for your user account—for example, myemail@example.com.
    • ROLE: the IAM role that you grant to your user account.
    18.  이러한 역할에는 다음과 같은 필수 권한이 있습니다.

    필수 권한

    다음 권한은 빠른 시작을 완료하고 AML AI에서 여러 중요한 작업을 수행하는 데 필요합니다.

    권한 설명
    resourcemanager.projects.get Google Cloud 프로젝트 가져오기
    resourcemanager.projects.list Google Cloud 프로젝트 나열
    cloudkms.keyRings.createCloud KMS 키링 만들기
    cloudkms.cryptoKeys.createCloud KMS 키 만들기
    financialservices.v1instances.createAML AI 인스턴스 만들기
    financialservices.operations.getAML AI 작업 가져오기
    cloudkms.cryptoKeys.getIamPolicyCloud KMS 키의 IAM 정책 가져오기
    cloudkms.cryptoKeys.setIamPolicyCloud KMS 키의 IAM 정책 설정
    bigquery.datasets.createBigQuery 데이터 세트 만들기
    bigquery.datasets.getBigQuery 데이터 세트 가져오기
    bigquery.transfers.getBigQuery Data Transfer Service 전송 가져오기
    bigquery.transfers.updateBigQuery Data Transfer Service 전송 만들기 또는 삭제
    bigquery.datasets.setIamPolicyBigQuery 데이터 세트의 IAM 정책 설정
    bigquery.datasets.updateBigQuery 데이터 세트 업데이트
    financialservices.v1datasets.createAML AI 데이터 세트 만들기
    financialservices.v1engineconfigs.createAML AI 엔진 구성 만들기
    financialservices.v1models.createAML AI 모델 만들기
    financialservices.v1backtests.createAML AI 백테스트 결과 만들기
    financialservices.v1backtests.exportMetadataAML AI 백테스트 결과에서 메타데이터 내보내기
    financialservices.v1instances.importRegisteredParties등록된 당사자를 AML AI 인스턴스로 가져오기
    financialservices.v1predictions.createAML AI 예측 결과 만들기
    bigquery.jobs.createBigQuery 작업 만들기
    bigquery.tables.getDataBigQuery 테이블에서 데이터 가져오기
    financialservices.v1predictions.deleteAML AI 예측 결과 삭제
    financialservices.v1backtests.deleteAML AI 백테스트 결과 삭제
    financialservices.v1models.deleteAML AI 모델 삭제
    financialservices.v1engineconfigs.deleteAML AI 엔진 구성 삭제
    financialservices.v1datasets.deleteAML AI 데이터 세트 삭제
    financialservices.v1instances.deleteAML AI 인스턴스 삭제
    bigquery.datasets.deleteBigQuery 데이터 세트 삭제