Em 15 de setembro de 2026, todos os ambientes do Cloud Composer 1 e da versão 2.0.x do Cloud Composer 2 vão atingir o fim da vida útil planejado e não poderão mais ser usados. Recomendamos planejar a migração para o Cloud Composer 3.
Se você quiser usar operadores do Airflow para interagir com ambientes do Cloud Composer, incluindo ambientes em outros projetos, consulte Acionar DAGs em outros ambientes e projetos.
Recomendamos acessar recursos em outros projetos Google Cloud da seguinte
maneira:
Nos DAGs, use as conexões padrão pré-configuradas no
ambiente.
Por exemplo, a conexão google_cloud_default é usada por muitos
operadoresGoogle Cloud e é configurada automaticamente quando você
cria um ambiente.
Conceda permissões e papéis extras do IAM à
conta de serviço do seu ambiente para que ela possa
acessar recursos em um projeto diferente.
Determinar a conta de serviço do seu ambiente
Para determinar a conta de serviço do seu ambiente:
Console
No Google Cloud console, acesse a página Ambientes.
O valor é um endereço de e-mail, como
service-account-name@example-project.iam.gserviceaccount.com.
Conceder papéis e permissões do IAM para acessar recursos em outro projeto
A conta de serviço do seu ambiente precisa de permissões para acessar
recursos em outro projeto. Essas funções e permissões podem ser diferentes
com base no recurso que você quer acessar.
Acessar um recurso específico
Recomendamos conceder funções e permissões para recursos específicos, como um bucket do Cloud Storage localizado em um projeto diferente. Nessa
abordagem, você usa o acesso baseado em recursos com vinculações de papéis condicionais.
Como alternativa, é possível conceder funções e permissões com base no tipo de recurso, como todos os buckets do Cloud Storage localizados em um projeto diferente.
Depois de conceder as permissões e funções necessárias, você poderá acessar recursos em
um projeto diferente com as mesmas conexões padrão do Airflow
que você usa para acessar recursos no projeto em que seu ambiente está
localizado.
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-08-29 UTC."],[[["\u003cp\u003eThis document explains how to access Google Cloud resources located in a different project than your Cloud Composer environment.\u003c/p\u003e\n"],["\u003cp\u003eAccessing resources in another project is recommended to be done through the default connections preconfigured in your environment.\u003c/p\u003e\n"],["\u003cp\u003eThe service account associated with your Cloud Composer environment needs to be granted specific IAM roles and permissions to enable cross-project resource access.\u003c/p\u003e\n"],["\u003cp\u003eYou can determine your Cloud Composer environment's service account through the Google Cloud console or using the \u003ccode\u003egcloud\u003c/code\u003e command-line tool.\u003c/p\u003e\n"],["\u003cp\u003ePermissions can be granted for access to either specific resources or to all resources of a certain type in the other Google Cloud Project.\u003c/p\u003e\n"]]],[],null,["# Access resources in another project\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\n[Cloud Composer 3](/composer/docs/composer-3/access-resources-in-another-project \"View this page for Cloud Composer 3\") \\| **Cloud Composer 2** \\| [Cloud Composer 1](/composer/docs/composer-1/access-resources-in-another-project \"View this page for Cloud Composer 1\")\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\nThis page describes how to access resources that are located in a different\nGoogle Cloud project than your Cloud Composer environment.\n\nIf you want to use a service account from one project to run environments in\nanother project, see\n[Using a service account from another project](/composer/docs/composer-2/access-control#cross-project).\n\nIf you want to use Airflow operators to interact with Cloud Composer\nenvironments, including environments in other projects, see\n[Trigger DAGs in other environments and projects](/composer/docs/composer-2/trigger-dags-in-other-environments).\n\nWe recommend to access resources in other Google Cloud projects in the\nfollowing way:\n\n1. In your DAGs, use the default connections that are preconfigured in your\n environment.\n\n For example, the `google_cloud_default` connection is used by many\n Google Cloud operators and is automatically configured when you\n create an environment.\n2. Grant extra IAM permissions and roles to the\n [service account of your environment](/composer/docs/composer-2/access-control#service-account), so that it can\n access resources in a different project.\n\nDetermine the service account of your environment\n-------------------------------------------------\n\nTo determine the service account of your environment: \n\n### Console\n\n1. In Google Cloud console, go to the **Environments** page.\n\n [Go to Environments](https://console.cloud.google.com/composer/environments)\n2. In the list of environments, click the name of your environment.\n The **Environment details** page opens.\n\n3. Go to the **Environment configuration** tab.\n\n4. The service account of your environment is listed in\n the **Service account** field.\n\n The value is an email address, such as\n `service-account-name@example-project.iam.gserviceaccount.com`.\n\n### gcloud\n\n gcloud composer environments describe \u003cvar translate=\"no\"\u003eENVIRONMENT_NAME\u003c/var\u003e \\\n --location \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e \\\n --format=\"get(config.nodeConfig.serviceAccount)\"\n\nThe value is an email address, such as\n`service-account-name@example-project.iam.gserviceaccount.com`.\n\nGrant IAM roles and permissions to access resources in another project\n----------------------------------------------------------------------\n\nThe service account of your environment requires permissions to access\nresources in another project. These roles and permissions can be different\nbased on the resource that you want to access.\n\n### Access a specific resource\n\nWe recommend to grant roles and permissions for specific resources, such as a\nsingle Cloud Storage bucket located in a different project. In this\napproach, you use resource-based access with conditional role bindings.\n\nTo access a specific resource:\n\n1. Follow the [Configure resource-based access](/iam/docs/configuring-resource-based-access) guide.\n2. When granting roles and permissions, specify the [service account of your environment](#view-service-account) as a principal.\n\n### Access a resource type\n\nAs an alternative, you can grant roles and permissions based on the resource\ntype, such as all Cloud Storage buckets located in a different\nproject.\n\nTo access a resource type:\n\n1. Follow the [Manage access to other resources](/iam/docs/manage-access-other-resources) guide.\n2. When granting roles and permissions, specify the [service account of your environment](#view-service-account) as a principal.\n\nAfter you grant the required permissions and roles, you can access resources in\na different project with the same default Airflow connections\nthat you use to access resources in the project where your environment is\nlocated.\n\nWhat's next\n-----------\n\n- [Access control with IAM](/composer/docs/composer-2/access-control)\n- [Manage Airflow connections](/composer/docs/composer-2/manage-airflow-connections)\n- [Configure resource location restrictions](/composer/docs/composer-2/configure-resource-location-restrictions)"]]
