Provide Access to Destination Bucket

Finish the Project Setup and Key Download step for the session. The Session ID can be found in the email titled Action Required: Provide Access for Data Upload - Google Transfer Appliance.

Provide Access to KMS

1. Prerequisite: Ensure you have the Cloud KMS Admin role (roles/cloudkms.admin) to provide access to the KMS key.
2. Find the Session ID in the email titled Action Required: Provide Access for Data Upload - Google Transfer Appliance.
3. Find the KMS key in the 'Key resource n̦ame' field on the Appliance Detail page for the given session.

4. Go to the Cryptographic Keys page in Google Cloud console.

   Go to the Cryptographic Keys page

5. Click the key ring that contains your asymmetric key.

6. Select the checkbox for the asymmetric key.

7. In the Info panel, click Add principal.

   • Add principals is displayed.

8. In the New principals field, enter the Transfer Appliance P4SA. It looks like the following example:

   service-PROJECT_ID@gcp-sa-transferappliance.iam.gserviceaccount.com

   In this example, PROJECT_ID is the Google Cloud project ID that your appliance is under.

9. In the Select a role field, add the Cloud KMS CryptoKey Public Key Viewer role.

10. Click the Add another role and add Cloud KMS CryptoKey Decrypter role.

11. Click Save.