# Cloud Composer shared responsibility model

**Cloud Composer 3** \| [Cloud Composer 2](/composer/docs/composer-2/shared-responsibility "View this page for Cloud Composer 2") \| [Cloud Composer 1](/composer/docs/composer-1/shared-responsibility "View this page for Cloud Composer 1")

Running a business-critical application on Cloud Composer requires multiple parties to carry different responsibilities. While not an exhaustive list, this document lists the responsibilities of both the Google and the customer side.

Google responsibilities
-----------------------

- [Hardening](/container-optimized-os/docs/concepts/security) and [patching](/kubernetes-engine/docs/resources/security-patching) the Cloud Composer environment's components and underlying infrastructure, including the Google Kubernetes Engine cluster, the Cloud SQL database (which hosts the Airflow database), Pub/Sub, Artifact Registry and other environment elements. In particular, this includes auto-upgrading the underlying infrastructure, including the GKE cluster and the Cloud SQL instance of an environment.

  | **Note:** Cloud Composer 1 is in post-maintenance mode and new versions of Cloud Composer 1 with security fixes are no longer published. Migrate to Cloud Composer 2 to get the latest version updates with security improvements.

- Protecting access to Cloud Composer environments by incorporating the access control provided by IAM, [encrypting data at rest by default](/security/encryption-at-rest/default-encryption), providing [additional customer-managed storage encryption](/kubernetes-engine/docs/how-to/using-cmek), and [encrypting data in transit](/security/encryption-in-transit).

- Providing Google Cloud integrations for Identity and Access Management, Cloud Audit Logs and Cloud Key Management Service.

- Restricting and logging Google administrative access to customers' clusters for contractual support purposes with [Access Transparency](/access-transparency) and [Access Approval](/cloud-provider-access-management/access-approval/docs/overview).

- Publishing information about backward-incompatible changes between Cloud Composer and Airflow versions in the [Cloud Composer release notes](/composer/docs/release-notes).

- Keeping the Cloud Composer documentation up to date:

  - Providing a description of all functionality provided by Cloud Composer.

  - Providing troubleshooting instructions that help to keep environments in a healthy state.

  - Publishing information about known issues, with workarounds where they exist.

- Resolving critical security incidents related to Cloud Composer environments and to the Airflow images provided by Cloud Composer (excluding customer-installed Python packages) by delivering new environment versions that address the incidents.

- Depending on the customer's support plan, troubleshooting Cloud Composer environment health issues.

- Maintaining and expanding the functionality of the [Cloud Composer Terraform provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment).

- Cooperating with the Apache Airflow community to maintain and develop the [Google Airflow operators](https://airflow.apache.org/docs/apache-airflow-providers-google/stable/operators/cloud/cloud_composer.html).

  | **Note:** Google won't fix or troubleshoot issues in operator providers for third-party services or products.

- Troubleshooting and, where possible, fixing issues in Airflow core functionality.

Customer responsibilities
-------------------------

- Upgrading to new Cloud Composer and Airflow versions to keep the product supported and to resolve security issues once the Cloud Composer service publishes a Cloud Composer version that addresses them.

- Maintaining the DAG code so that it stays compatible with the Airflow version in use.

- Maintaining proper permissions in IAM for the environment's service account. In particular, keeping the permissions required by the [Cloud Composer Agent](/composer/docs/composer-3/access-control#composer-sa) and by the [environment's service account](/composer/docs/composer-3/access-control#service-account). Maintaining the permissions required for the CMEK key used for Cloud Composer environment encryption, and rotating that key according to your needs.

  | **Caution:** We recommend that you [set up a user-managed service account](/composer/docs/composer-3/access-control#custom-service-account) for Cloud Composer environments that has only the set of permissions necessary to run the environment and perform the operations defined in your DAGs. The **Composer Worker** (`composer.worker`) role provides this required set of permissions in most cases. Add extra permissions to this service account only when they are necessary for the operation of your DAGs.
  |
  | Although we recommend against this approach, if you don't specify an environment's service account, your Cloud Composer environment uses the default Compute Engine service account. The default Compute Engine service account usually has the **Editor** basic role, which contains many more permissions than are necessary to run Cloud Composer environments, and thus creates the risk of DAGs using broader permissions than intended.

- Maintaining proper permissions in IAM for the environment's bucket.

  | **Caution:** Users with read-write access to the following components:
  | - your environment's bucket
  | - Artifact Registry repositories with container images used by `GKEPodOperator` or `GKEStartPodOperator`
  |
  | can deploy their own versions of DAGs or container images to an environment even without explicit Cloud Composer-related permissions. These DAGs or images can later be executed in your environment with the permissions of the Cloud Composer environment's service account.

- Maintaining proper IAM permissions for the service account that performs PyPI package installations. For more information, see [Access control](/composer/docs/composer-3/access-control#service-account-security).

  | **Caution:** Users with read-write access to the environment's bucket, or who can initiate PyPI package installations, can initiate the process of building images on behalf of the service account that performs such builds. This service account is the environment's service account, which is specified during environment creation. It can be a user-provided service account or the default service account.

- Maintaining proper end-user permissions in IAM and in the Airflow UI Access Control configuration.

- Keeping the Airflow database size below 20 GB by using the [maintenance DAG](/composer/docs/composer-3/cleanup-airflow-database).

- Resolving all DAG parsing issues before raising support cases with Cloud Customer Care.

- Naming DAGs properly (for example, without invisible characters such as SPACE or TAB in DAG names) so that metrics can be reported correctly for DAGs.

- Upgrading the code of DAGs so that it doesn't use deprecated operators, and migrating to their up-to-date alternatives. Deprecated operators might be removed from Airflow providers, which might affect your plans to upgrade to a later Cloud Composer or Airflow version. Deprecated operators are also not maintained and must be used 'as is'.

- Configuring proper IAM permissions when using secret backends such as Secret Manager, so that the environment's service account has access to them.

- Adjusting Cloud Composer environment parameters (such as CPU and memory for Airflow components) and Airflow configuration to meet the performance and load expectations of your Cloud Composer environments, using the [Cloud Composer optimization guide](/composer/docs/composer-3/optimize-environments) and the [environment scaling guide](/composer/docs/composer-3/scale-environments).

- Not removing permissions required by the Cloud Composer Agent and the environment's service account. Removing these permissions can lead either to failed management operations or to DAG and task failures.

- Keeping [all services and APIs required by Cloud Composer](/composer/docs/composer-3/enable-composer-service#required-services) enabled at all times. These dependencies must have quotas configured at the levels required by Cloud Composer.

- [Following the recommendations and best practices](/composer/docs/composer-3/write-dags) for implementing DAGs.

- Diagnosing DAG and task failures using the instructions for [scheduler troubleshooting](/composer/docs/composer-3/troubleshooting-scheduling), [DAG troubleshooting](/composer/docs/composer-3/troubleshooting-dags) and [triggerer troubleshooting](/composer/docs/composer-3/troubleshooting-triggerer).

What's next
-----------

- [Access control with IAM](/composer/docs/composer-3/access-control)
- [Clean up the Airflow database](/composer/docs/composer-3/cleanup-airflow-database)
- [Security overview](/composer/docs/composer-3/composer-security-overview)

Last updated: 2025-08-29 (UTC)
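Several of the customer responsibilities above reduce to one IAM question: who can act as, or deploy code that runs as, the environment's service account? The following Python script is an added example (not code from the Cloud Composer documentation or the Composer project) that audits a project IAM policy for exactly those pitfalls: the environment running as the default Compute Engine service account, the environment service account holding a basic role such as Editor, the `roles/composer.worker` role missing, the Cloud Composer service agent missing its `roles/composer.ServiceAgentV2Ext` role, and principals who hold project-level object-write roles on Cloud Storage or Artifact Registry and can therefore plant DAGs or images that execute with the environment's permissions. It reads the JSON shape that `gcloud projects get-iam-policy PROJECT_ID --format=json` produces. The project number, service-account names and the sample policy are constructed for this example, and the treatment of a project-wide `roles/secretmanager.secretAccessor` grant as a low-severity finding is this example's least-privilege preference, not a statement from the page.

```python
"""Audit a project IAM policy for Cloud Composer service-account pitfalls.

Added example for the shared-responsibility page; input is the JSON from
`gcloud projects get-iam-policy PROJECT_ID --format=json`. Bucket-level and
repository-level IAM policies are separate resources and are NOT inspected here.
"""
import json
import sys
from dataclasses import dataclass

BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
REQUIRED_ENV_ROLE = "roles/composer.worker"           # named on the page
REQUIRED_AGENT_ROLE = "roles/composer.ServiceAgentV2Ext"  # Composer service agent
# Project-level roles that allow writing objects into every bucket or repository
# of the project, including the environment bucket and the Artifact Registry
# repositories used by GKEPodOperator / GKEStartPodOperator.
INDIRECT_DEPLOY_ROLES = {
    "roles/owner", "roles/editor",
    "roles/storage.admin", "roles/storage.objectAdmin",
    "roles/storage.objectCreator", "roles/storage.objectUser",
    "roles/artifactregistry.admin", "roles/artifactregistry.repoAdmin",
    "roles/artifactregistry.writer",
}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


@dataclass(frozen=True)
class Finding:
    severity: str  # HIGH, MEDIUM or LOW
    message: str


def default_compute_sa(project_number: str) -> str:
    return f"{project_number}-compute@developer.gserviceaccount.com"


def composer_service_agent(project_number: str) -> str:
    return f"service-{project_number}@cloudcomposer-accounts.iam.gserviceaccount.com"


def roles_of(policy: dict, member: str) -> set:
    """All roles bound to `member` (e.g. 'serviceAccount:x@y.iam.gserviceaccount.com')."""
    return {b["role"] for b in policy.get("bindings", []) if member in b.get("members", [])}


def audit(policy: dict, project_number: str, env_sa: str) -> list:
    findings = []
    env_member = f"serviceAccount:{env_sa}"
    env_roles = roles_of(policy, env_member)

    if env_sa == default_compute_sa(project_number):
        findings.append(Finding("HIGH", "environment runs as the default Compute Engine service account"))
    for role in sorted(env_roles & BASIC_ROLES):
        findings.append(Finding("HIGH", f"environment service account holds basic role {role}"))
    if REQUIRED_ENV_ROLE not in env_roles:
        findings.append(Finding("MEDIUM", f"environment service account lacks {REQUIRED_ENV_ROLE}"))
    if "roles/secretmanager.secretAccessor" in env_roles:
        # This example's preference: bind secretAccessor on each secret, not project-wide.
        findings.append(Finding("LOW", "secretmanager.secretAccessor granted project-wide; prefer per-secret bindings"))

    agent_member = f"serviceAccount:{composer_service_agent(project_number)}"
    if REQUIRED_AGENT_ROLE not in roles_of(policy, agent_member):
        findings.append(Finding("HIGH", f"Cloud Composer service agent lacks {REQUIRED_AGENT_ROLE}"))

    # Anyone else with project-wide object write can deploy DAGs/images that run as env_sa.
    for binding in policy.get("bindings", []):
        if binding["role"] not in INDIRECT_DEPLOY_ROLES:
            continue
        for member in binding.get("members", []):
            if member in (env_member, agent_member):
                continue
            severity = "HIGH" if member in PUBLIC_MEMBERS else "MEDIUM"
            findings.append(Finding(severity, f"{member} holds {binding['role']} and can deploy "
                                              "DAGs or images that run as the environment SA"))
    return findings


# Constructed sample policy: a dedicated environment SA exists, but the default
# Compute Engine SA still has Editor and an analyst group has objectAdmin.
PROJECT_NUMBER = "123456789012"                                   # constructed
ENV_SA = "composer-env@example-project.iam.gserviceaccount.com"   # constructed
SAMPLE_POLICY = {"version": 1, "bindings": [
    {"role": "roles/editor", "members": [f"serviceAccount:{default_compute_sa(PROJECT_NUMBER)}"]},
    {"role": "roles/composer.worker", "members": [f"serviceAccount:{ENV_SA}"]},
    {"role": "roles/secretmanager.secretAccessor", "members": [f"serviceAccount:{ENV_SA}"]},
    {"role": "roles/storage.objectAdmin", "members": ["group:data-analysts@example.com"]},
    {"role": REQUIRED_AGENT_ROLE, "members": [f"serviceAccount:{composer_service_agent(PROJECT_NUMBER)}"]},
]}


def main(argv: list) -> None:
    if len(argv) == 4:  # audit.py policy.json PROJECT_NUMBER ENV_SA_EMAIL
        with open(argv[1]) as fh:
            policy = json.load(fh)
        project_number, env_sa = argv[2], argv[3]
    else:
        policy, project_number, env_sa = SAMPLE_POLICY, PROJECT_NUMBER, ENV_SA
    for finding in audit(policy, project_number, env_sa):
        print(f"[{finding.severity}] {finding.message}")


if __name__ == "__main__":
    main(sys.argv)
```

Run with no arguments to audit the constructed sample, or pass a saved policy file, the project number and the environment's service-account e-mail. Note that the same policy yields very different results depending on which account the environment actually uses: with the dedicated account the findings are the project-wide secret access and the two principals who can write to buckets; with the default Compute Engine account the audit additionally flags the account choice itself, the Editor role and the missing `roles/composer.worker`.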