设置项目和权限

本页面介绍了如何创建 Google Cloud 项目、启用 AML AI、创建身份验证凭据,以及向您的账号授予一个或多个 IAM 角色

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. Install the Google Cloud CLI.

  3. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  4. To initialize the gcloud CLI, run the following command: 

    gcloud init

  5. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  6. Make sure that billing is enabled for your Google Cloud project.

  7. Enable the required APIs: 

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

  8. If you're using a local shell, then create local authentication credentials for your user account: 

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

    If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

  9. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin 

    gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
    • Replace PROJECT_ID with your project ID.

    • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

    • Replace ROLE with each individual role.

  10. Install the Google Cloud CLI.

  11. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  12. To initialize the gcloud CLI, run the following command: 

    gcloud init

  13. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  14. Make sure that billing is enabled for your Google Cloud project.

  15. Enable the required APIs: 

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com

  16. If you're using a local shell, then create local authentication credentials for your user account: 

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

    If an authentication error is returned, and you are using an external identity provider (IdP), confirm that you have signed in to the gcloud CLI with your federated identity.

  17. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin 

    gcloud projects add-iam-policy-binding PROJECT_ID --member="user:USER_IDENTIFIER" --role=ROLE
    • Replace PROJECT_ID with your project ID.

    • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

    • Replace ROLE with each individual role.
    18.  这些角色可满足以下必需的权限:

    所需权限

    如需完成快速入门,您需要具备以下权限,并且需要这些权限才能在 AML AI 中执行许多重要操作。

    权限 说明
    resourcemanager.projects.get获取 Google Cloud 项目
    resourcemanager.projects.list列出 Google Cloud 个项目
    cloudkms.keyRings.create创建 Cloud KMS 密钥环
    cloudkms.cryptoKeys.create创建 Cloud KMS 密钥
    financialservices.v1instances.create创建 AML AI 实例
    financialservices.operations.get获取 AML AI 操作
    cloudkms.cryptoKeys.getIamPolicy获取 Cloud KMS 密钥的 IAM 政策
    cloudkms.cryptoKeys.setIamPolicy为 Cloud KMS 密钥设置 IAM 政策
    bigquery.datasets.create创建 BigQuery 数据集
    bigquery.datasets.get获取 BigQuery 数据集
    bigquery.transfers.get获取 BigQuery Data Transfer Service 转移作业
    bigquery.transfers.update创建或删除 BigQuery Data Transfer Service 转移作业
    bigquery.datasets.setIamPolicy在 BigQuery 数据集上设置 IAM 政策
    bigquery.datasets.update更新 BigQuery 数据集
    financialservices.v1datasets.create创建 AML AI 数据集
    financialservices.v1engineconfigs.create创建 AML AI 引擎配置
    financialservices.v1models.create创建 AML AI 模型
    financialservices.v1backtests.create创建 AML AI 回测结果
    financialservices.v1backtests.exportMetadata从 AML AI 回测结果导出元数据
    financialservices.v1instances.importRegisteredParties将已注册的当事人导入 AML AI 实例
    financialservices.v1predictions.create创建 AML AI 预测结果
    bigquery.jobs.create创建 BigQuery 作业
    bigquery.tables.getData从 BigQuery 表中获取数据
    financialservices.v1predictions.delete删除 AML AI 预测结果
    financialservices.v1backtests.delete删除 AML AI 回测结果
    financialservices.v1models.delete删除 AML AI 模型
    financialservices.v1engineconfigs.delete删除 AML AI 引擎配置
    financialservices.v1datasets.delete删除 AML AI 数据集
    financialservices.v1instances.delete删除 AML AI 实例
    bigquery.datasets.delete删除 BigQuery 数据集