设置项目和权限

本页介绍了如何创建 Google Cloud 项目、启用 AML AI、创建身份验证凭据,以及向您的账号授予一个或多个 IAM 角色

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. Install the Google Cloud CLI.
  3. To initialize the gcloud CLI, run the following command:

    gcloud init
  4. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  5. Make sure that billing is enabled for your Google Cloud project.

  6. Enable the required APIs:

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com
  7. If you're using a local shell, then create local authentication credentials for your user account:

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

  8. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin

    gcloud projects add-iam-policy-binding PROJECT_ID --member="USER_IDENTIFIER" --role=ROLE
    • Replace PROJECT_ID with your project ID.
    • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

    • Replace ROLE with each individual role.
  9. Install the Google Cloud CLI.
  10. To initialize the gcloud CLI, run the following command:

    gcloud init
  11. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  12. Make sure that billing is enabled for your Google Cloud project.

  13. Enable the required APIs:

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com
  14. If you're using a local shell, then create local authentication credentials for your user account:

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

  15. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin

    gcloud projects add-iam-policy-binding PROJECT_ID --member="USER_IDENTIFIER" --role=ROLE
    • Replace PROJECT_ID with your project ID.
    • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

    • Replace ROLE with each individual role.
  16. 这些角色具有以下所需权限:

    所需权限

    您需要具备以下权限才能完成快速入门,并且需要这些权限才能在 AML AI 中执行许多重要的操作。

    权限 说明
    resourcemanager.projects.get获取 Google Cloud 项目
    resourcemanager.projects.list列出 Google Cloud 项目
    cloudkms.keyRings.create创建 Cloud KMS 密钥环
    cloudkms.cryptoKeys.create创建 Cloud KMS 密钥
    financialservices.v1instances.create创建 AML AI 实例
    financialservices.operations.get获取 AML AI 操作
    cloudkms.cryptoKeys.getIamPolicy获取 Cloud KMS 密钥的 IAM 政策
    cloudkms.cryptoKeys.setIamPolicy为 Cloud KMS 密钥设置 IAM 政策
    bigquery.datasets.create创建 BigQuery 数据集
    bigquery.datasets.get获取 BigQuery 数据集
    bigquery.transfers.get获取 BigQuery Data Transfer Service 转移
    bigquery.transfers.update创建或删除 BigQuery Data Transfer Service 转移作业
    bigquery.datasets.setIamPolicy为 BigQuery 数据集设置 IAM 政策
    bigquery.datasets.update更新 BigQuery 数据集
    financialservices.v1datasets.create创建 AML AI 数据集
    financialservices.v1engineconfigs.create创建 AML AI 引擎配置
    financialservices.v1models.create创建 AML AI 模型
    financialservices.v1backtests.create创建 AML AI 回测结果
    financialservices.v1backtests.exportMetadata从反洗钱 AI 回测结果导出元数据
    financialservices.v1instances.importRegisteredParties将已注册的相关方导入 AML AI 实例
    financialservices.v1predictions.create创建 AML AI 预测结果
    bigquery.jobs.create创建 BigQuery 作业
    bigquery.tables.getData从 BigQuery 表中获取数据
    financialservices.v1predictions.delete删除 AML AI 预测结果
    financialservices.v1backtests.delete删除 AML AI 回测结果
    financialservices.v1models.delete删除 AML AI 模型
    financialservices.v1engineconfigs.delete删除 AML AI 引擎配置
    financialservices.v1datasets.delete删除反洗钱 AI 数据集
    financialservices.v1instances.delete删除 AML AI 实例
    bigquery.datasets.delete删除 BigQuery 数据集