Configurar um projeto e permissões

Nesta página, mostramos como criar um projeto do Google Cloud , ativar a IA de AML, criar credenciais de autenticação e conceder à sua conta um ou mais papéis do IAM.

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. Install the Google Cloud CLI.

  3. Ao usar um provedor de identidade (IdP) externo, primeiro faça login na gcloud CLI com sua identidade federada.

  4. Para inicializar a gcloud CLI, execute o seguinte comando: 

    gcloud init

  5. Create or select a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  6. Verify that billing is enabled for your Google Cloud project.

  7. Enable the required APIs:

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles. 

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

  8. If you're using a local shell, then create local authentication credentials for your user account: 

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

    If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

  9. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin 

    gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE

    Replace the following:

    • PROJECT_ID: your project ID.
    • USER_IDENTIFIER: the identifier for your user account—for example, myemail@example.com.
    • ROLE: the IAM role that you grant to your user account.

  10. Install the Google Cloud CLI.

  11. Ao usar um provedor de identidade (IdP) externo, primeiro faça login na gcloud CLI com sua identidade federada.

  12. Para inicializar a gcloud CLI, execute o seguinte comando: 

    gcloud init

  13. Create or select a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  14. Verify that billing is enabled for your Google Cloud project.

  15. Enable the required APIs:

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles. 

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

  16. If you're using a local shell, then create local authentication credentials for your user account: 

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

    If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

  17. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin 

    gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE

    Replace the following:

    • PROJECT_ID: your project ID.
    • USER_IDENTIFIER: the identifier for your user account—for example, myemail@example.com.
    • ROLE: the IAM role that you grant to your user account.
    18.  Esses papéis atendem às seguintes permissões necessárias:

    Permissões necessárias

    As permissões a seguir são necessárias para concluir o guia de início rápido e para realizar muitas operações vitais na AML AI.

    Permissão Descrição
    resourcemanager.projects.getReceber um projeto do Google Cloud
    resourcemanager.projects.listList Google Cloud projects
    cloudkms.keyRings.createCriar um keyring do Cloud KMS
    cloudkms.cryptoKeys.createCriar uma chave do Cloud KMS
    financialservices.v1instances.createCriar uma instância da AI antilavagem de dinheiro
    financialservices.operations.getAcessar uma operação de IA antilavagem de dinheiro
    cloudkms.cryptoKeys.getIamPolicyAcessar a política do IAM em uma chave do Cloud KMS
    cloudkms.cryptoKeys.setIamPolicyDefinir a política do IAM em uma chave do Cloud KMS
    bigquery.datasets.createCriar um conjunto de dados do BigQuery
    bigquery.datasets.getExtrair um conjunto de dados do BigQuery
    bigquery.transfers.getReceber uma transferência do serviço de transferência de dados do BigQuery
    bigquery.transfers.updateCriar ou excluir uma transferência do serviço de transferência de dados do BigQuery
    bigquery.datasets.setIamPolicyDefinir a política do IAM em um conjunto de dados do BigQuery
    bigquery.datasets.updateAtualizar um conjunto de dados do BigQuery
    financialservices.v1datasets.createCriar um conjunto de dados de IA antilavagem de dinheiro
    financialservices.v1engineconfigs.createCriar uma configuração do mecanismo de AI antilavagem de dinheiro
    financialservices.v1models.createCriar um modelo de IA antilavagem de dinheiro
    financialservices.v1backtests.createCriar um resultado de backtest da IA antilavagem de dinheiro
    financialservices.v1backtests.exportMetadataExportar metadados de um resultado de backtest da IA de AML
    financialservices.v1instances.importRegisteredPartiesImportar partes registradas para uma instância de IA de AML
    financialservices.v1predictions.createCriar um resultado de previsão da AI antilavagem de dinheiro
    bigquery.jobs.createCriar um job do BigQuery
    bigquery.tables.getDataExtrair dados de uma tabela do BigQuery
    financialservices.v1predictions.deleteExcluir um resultado de previsão da IA de AML
    financialservices.v1backtests.deleteExcluir um resultado de backtest da IA de AML
    financialservices.v1models.deleteExcluir um modelo de IA antilavagem de dinheiro
    financialservices.v1engineconfigs.deleteExcluir uma configuração do mecanismo de IA antilavagem de dinheiro
    financialservices.v1datasets.deleteExcluir um conjunto de dados da AI antilavagem de dinheiro
    financialservices.v1instances.deleteExcluir uma instância da AML AI
    bigquery.datasets.deleteExcluir um conjunto de dados do BigQuery