A 15 de setembro de 2026, todos os ambientes do Cloud Composer 1 e do Cloud Composer 2 versão 2.0.x vão atingir o fim da vida útil planeado e não vai poder usá-los. Recomendamos que planeie a migração para o Cloud Composer 3.
O valor é um endereço de email, como
service-account-name@example-project.iam.gserviceaccount.com.
Conceda funções e autorizações da IAM para aceder a recursos noutro projeto
A conta de serviço do seu ambiente requer autorizações para aceder a recursos noutro projeto. Estas funções e autorizações podem ser diferentes
com base no recurso ao qual quer aceder.
Aceda a um recurso específico
Recomendamos que conceda funções e autorizações para recursos específicos, como um único contentor do Cloud Storage localizado num projeto diferente. Nesta abordagem, usa o acesso baseado em recursos com associações de funções condicionais.
Em alternativa, pode conceder funções e autorizações com base no tipo de recurso, como todos os contentores do Cloud Storage localizados num projeto diferente.
Depois de conceder as autorizações e as funções necessárias, pode aceder aos recursos num projeto diferente com as mesmas associações predefinidas do Airflow que usa para aceder aos recursos no projeto onde o seu ambiente está localizado.
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-08-28 UTC."],[[["\u003cp\u003eThis page details how to access resources in a Google Cloud project different from your Cloud Composer 1 environment's project.\u003c/p\u003e\n"],["\u003cp\u003eThe recommended method involves utilizing preconfigured default connections in your DAGs, like \u003ccode\u003egoogle_cloud_default\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eYou must grant the service account of your Cloud Composer 1 environment the necessary IAM roles and permissions to access resources in the other project.\u003c/p\u003e\n"],["\u003cp\u003ePermissions can be granted either for specific resources (e.g., a particular Cloud Storage bucket) or for an entire resource type (e.g., all Cloud Storage buckets).\u003c/p\u003e\n"],["\u003cp\u003eAfter proper permissions are granted, you can access resources in the other project using the same default Airflow connections used within your environment's project.\u003c/p\u003e\n"]]],[],null,["\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\n[Cloud Composer 3](/composer/docs/composer-3/access-resources-in-another-project \"View this page for Cloud Composer 3\") \\| [Cloud Composer 2](/composer/docs/composer-2/access-resources-in-another-project \"View this page for Cloud Composer 2\") \\| **Cloud Composer 1**\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\nThis page describes how to access resources that are located in a different\nGoogle Cloud project than your Cloud Composer environment.\n\nIf you want to use a service account from one project to run environments in\nanother project, see\n[Using a service account from another project](/composer/docs/composer-1/access-control#cross-project).\n\nWe recommend to access resources in other Google Cloud projects in the\nfollowing way:\n\n1. In your DAGs, use the default connections that are preconfigured in your\n environment.\n\n For example, the `google_cloud_default` connection is used by many\n Google Cloud operators and is automatically configured when you\n create an environment.\n2. Grant extra IAM permissions and roles to the\n [service account of your environment](/composer/docs/composer-1/access-control#service-account), so that it can\n access resources in a different project.\n\nDetermine the service account of your environment\n\nTo determine the service account of your environment: \n\nConsole\n\n1. In Google Cloud console, go to the **Environments** page.\n\n [Go to Environments](https://console.cloud.google.com/composer/environments)\n2. In the list of environments, click the name of your environment.\n The **Environment details** page opens.\n\n3. Go to the **Environment configuration** tab.\n\n4. The service account of your environment is listed in\n the **Service account** field.\n\n The value is an email address, such as\n `service-account-name@example-project.iam.gserviceaccount.com`.\n\ngcloud \n\n gcloud composer environments describe \u003cvar translate=\"no\"\u003eENVIRONMENT_NAME\u003c/var\u003e \\\n --location \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e \\\n --format=\"get(config.nodeConfig.serviceAccount)\"\n\nThe value is an email address, such as\n`service-account-name@example-project.iam.gserviceaccount.com`.\n\nGrant IAM roles and permissions to access resources in another project\n\nThe service account of your environment requires permissions to access\nresources in another project. These roles and permissions can be different\nbased on the resource that you want to access.\n\nAccess a specific resource\n\nWe recommend to grant roles and permissions for specific resources, such as a\nsingle Cloud Storage bucket located in a different project. In this\napproach, you use resource-based access with conditional role bindings.\n\nTo access a specific resource:\n\n1. Follow the [Configure resource-based access](/iam/docs/configuring-resource-based-access) guide.\n2. When granting roles and permissions, specify the [service account of your environment](#view-service-account) as a principal.\n\nAccess a resource type\n\nAs an alternative, you can grant roles and permissions based on the resource\ntype, such as all Cloud Storage buckets located in a different\nproject.\n\nTo access a resource type:\n\n1. Follow the [Manage access to other resources](/iam/docs/manage-access-other-resources) guide.\n2. When granting roles and permissions, specify the [service account of your environment](#view-service-account) as a principal.\n\nAfter you grant the required permissions and roles, you can access resources in\na different project with the same default Airflow connections\nthat you use to access resources in the project where your environment is\nlocated.\n\nWhat's next\n\n- [Access control with IAM](/composer/docs/composer-1/access-control)\n- [Manage Airflow connections](/composer/docs/composer-1/manage-airflow-connections)\n- [Configure resource location restrictions](/composer/docs/composer-1/configure-resource-location-restrictions)"]]
