Pada 15 September 2026, semua lingkungan Cloud Composer 1 dan Cloud Composer 2 versi 2.0.x akan mencapai akhir masa pakainya yang direncanakan, dan Anda tidak akan dapat menggunakannya. Sebaiknya rencanakan migrasi ke Cloud Composer 3.
Jika Anda ingin menggunakan operator Airflow untuk berinteraksi dengan lingkungan Cloud Composer, termasuk lingkungan di project lain, lihat Memicu DAG di lingkungan dan project lain.
Sebaiknya akses resource dalam project Google Cloud lain dengan
cara berikut:
Di DAG, gunakan koneksi default yang telah dikonfigurasi sebelumnya di
lingkungan Anda.
Misalnya, koneksi google_cloud_default digunakan oleh banyak
operatorGoogle Cloud dan dikonfigurasi secara otomatis saat Anda
membuat lingkungan.
Berikan izin dan peran IAM tambahan ke
akun layanan lingkungan Anda, sehingga dapat
mengakses resource di project lain.
Menentukan akun layanan lingkungan Anda
Untuk menentukan akun layanan lingkungan Anda:
Konsol
Di Google Cloud console, buka halaman Environments.
Nilainya adalah alamat email, seperti
service-account-name@example-project.iam.gserviceaccount.com.
Memberikan peran dan izin IAM untuk mengakses resource di project lain
Akun layanan lingkungan Anda memerlukan izin untuk mengakses
resource di project lain. Peran dan izin ini dapat berbeda
berdasarkan resource yang ingin Anda akses.
Mengakses resource tertentu
Sebaiknya berikan peran dan izin untuk resource tertentu, seperti
satu bucket Cloud Storage yang berada di project lain. Dalam pendekatan
ini, Anda menggunakan akses berbasis resource dengan binding peran bersyarat.
Setelah memberikan izin dan peran yang diperlukan, Anda dapat mengakses resource di
project lain dengan koneksi Airflow default yang sama
yang Anda gunakan untuk mengakses resource di project tempat lingkungan Anda
berada.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-08-29 UTC."],[[["\u003cp\u003eThis document explains how to access resources in a different Google Cloud project from your Cloud Composer environment.\u003c/p\u003e\n"],["\u003cp\u003eThe recommended approach is to utilize the default connections in your DAGs and grant necessary IAM permissions to your environment's service account.\u003c/p\u003e\n"],["\u003cp\u003eYou can determine your environment's service account through the Google Cloud console or the gcloud command-line tool, which is listed in the service account field on the environments details page.\u003c/p\u003e\n"],["\u003cp\u003eIAM roles and permissions should be granted to the environment's service account to access resources in other projects, either for specific resources or for an entire resource type.\u003c/p\u003e\n"],["\u003cp\u003eAfter granting permissions, resources in other projects can be accessed using the same default Airflow connections as those within your environment's project.\u003c/p\u003e\n"]]],[],null,["# Access resources in another project\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\n**Cloud Composer 3** \\| [Cloud Composer 2](/composer/docs/composer-2/access-resources-in-another-project \"View this page for Cloud Composer 2\") \\| [Cloud Composer 1](/composer/docs/composer-1/access-resources-in-another-project \"View this page for Cloud Composer 1\")\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\nThis page describes how to access resources that are located in a different\nGoogle Cloud project than your Cloud Composer environment.\n\nIf you want to use a service account from one project to run environments in\nanother project, see\n[Using a service account from another project](/composer/docs/composer-3/access-control#cross-project).\n\nIf you want to use Airflow operators to interact with Cloud Composer\nenvironments, including environments in other projects, see\n[Trigger DAGs in other environments and projects](/composer/docs/composer-3/trigger-dags-in-other-environments).\n\nWe recommend to access resources in other Google Cloud projects in the\nfollowing way:\n\n1. In your DAGs, use the default connections that are preconfigured in your\n environment.\n\n For example, the `google_cloud_default` connection is used by many\n Google Cloud operators and is automatically configured when you\n create an environment.\n2. Grant extra IAM permissions and roles to the\n [service account of your environment](/composer/docs/composer-3/access-control#service-account), so that it can\n access resources in a different project.\n\nDetermine the service account of your environment\n-------------------------------------------------\n\nTo determine the service account of your environment: \n\n### Console\n\n1. In Google Cloud console, go to the **Environments** page.\n\n [Go to Environments](https://console.cloud.google.com/composer/environments)\n2. In the list of environments, click the name of your environment.\n The **Environment details** page opens.\n\n3. Go to the **Environment configuration** tab.\n\n4. The service account of your environment is listed in\n the **Service account** field.\n\n The value is an email address, such as\n `service-account-name@example-project.iam.gserviceaccount.com`.\n\n### gcloud\n\n gcloud composer environments describe \u003cvar translate=\"no\"\u003eENVIRONMENT_NAME\u003c/var\u003e \\\n --location \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e \\\n --format=\"get(config.nodeConfig.serviceAccount)\"\n\nThe value is an email address, such as\n`service-account-name@example-project.iam.gserviceaccount.com`.\n\nGrant IAM roles and permissions to access resources in another project\n----------------------------------------------------------------------\n\nThe service account of your environment requires permissions to access\nresources in another project. These roles and permissions can be different\nbased on the resource that you want to access.\n\n### Access a specific resource\n\nWe recommend to grant roles and permissions for specific resources, such as a\nsingle Cloud Storage bucket located in a different project. In this\napproach, you use resource-based access with conditional role bindings.\n\nTo access a specific resource:\n\n1. Follow the [Configure resource-based access](/iam/docs/configuring-resource-based-access) guide.\n2. When granting roles and permissions, specify the [service account of your environment](#view-service-account) as a principal.\n\n### Access a resource type\n\nAs an alternative, you can grant roles and permissions based on the resource\ntype, such as all Cloud Storage buckets located in a different\nproject.\n\nTo access a resource type:\n\n1. Follow the [Manage access to other resources](/iam/docs/manage-access-other-resources) guide.\n2. When granting roles and permissions, specify the [service account of your environment](#view-service-account) as a principal.\n\nAfter you grant the required permissions and roles, you can access resources in\na different project with the same default Airflow connections\nthat you use to access resources in the project where your environment is\nlocated.\n\nWhat's next\n-----------\n\n- [Access control with IAM](/composer/docs/composer-3/access-control)\n- [Manage Airflow connections](/composer/docs/composer-3/manage-airflow-connections)\n- [Configure resource location restrictions](/composer/docs/composer-3/configure-resource-location-restrictions)"]]
