Data Integrations > GCP Service Account

GCP Service Account

This covers instructions to setup a Google Cloud Service account and setting up credentials in a corresponding Rockset integration. In specific, we’ll be setting up access to Google Cloud Storage.

Creating a GCP Service Account

You can create a new service account and corresponding role to provide Rockset with access to your GCP resources. The instructions on creating a new service account are covered in detail in GCP documentation.

Create GCP Service Account

Once you create the service account, create a new key and ensure sure that you download the JSON associated with that key. This key is required in order to create the GCP integration within Rockset.

Create GCP Service Account

Setting up permissions

In order to access Google Cloud Storage buckets, you must provide roles to the service account that allow access to specific buckets. For a set of standard roles, you can refer to the Cloud IAM permissions documentation. The permissions it needs in specific are:

  • storage.objects.get
  • storage.objects.list

You can associate a role that provides these permissions to the service account that you created, or you can set it up for your bucket.

Setting up per-bucket permission

Creating an integration

Once you have configured your service account and downloaded the corresponding JSON key file, you are ready to set up the GCP integration in your Rockset account. Using the Console, you can create a GCP integration using the contents of your JSON key file.

Create GCP Service Account Integration

Using the CLI, you can run the following:

$ rock create integration "gcs-read-bucket" \
    --type=GCPServiceAccount \
    --json_key_file=/path/to/file

Integration "gcs-read-bucket" was created successfully.

Note that any of the above operations can also be performed using Rockset Client libraries or REST APIs.