Set up a project and permissions

This page shows how to create a Google Cloud project, enable AML AI, create authentication credentials, and grant your account one or more IAM roles.

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. Install the Google Cloud CLI.
  3. To initialize the gcloud CLI, run the following command:

    gcloud init
  4. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  5. Make sure that billing is enabled for your Google Cloud project.

  6. Enable the required APIs:

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com
  7. If you're using a local shell, then create local authentication credentials for your user account:

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

  8. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin

    gcloud projects add-iam-policy-binding PROJECT_ID --member="USER_IDENTIFIER" --role=ROLE
    • Replace PROJECT_ID with your project ID.
    • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

    • Replace ROLE with each individual role.
  9. Install the Google Cloud CLI.
  10. To initialize the gcloud CLI, run the following command:

    gcloud init
  11. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  12. Make sure that billing is enabled for your Google Cloud project.

  13. Enable the required APIs:

    gcloud services enable financialservices.googleapis.com bigquery.googleapis.com cloudkms.googleapis.com
  14. If you're using a local shell, then create local authentication credentials for your user account:

    gcloud auth application-default login

    You don't need to do this if you're using Cloud Shell.

  15. Grant roles to your user account. Run the following command once for each of the following IAM roles: roles/financialservices.admin, roles/cloudkms.admin, roles/bigquery.admin

    gcloud projects add-iam-policy-binding PROJECT_ID --member="USER_IDENTIFIER" --role=ROLE
    • Replace PROJECT_ID with your project ID.
    • Replace USER_IDENTIFIER with the identifier for your user account. For example, user:myemail@example.com.

    • Replace ROLE with each individual role.
  16. These roles fulfill the following required permissions:

    Required permissions

    The following permissions are required to complete the quickstart and are needed to perform many vital operations in AML AI.

    Permission Description
    cloudkms.keyRings.createCreate a Cloud KMS key ring
    cloudkms.cryptoKeys.createCreate a Cloud KMS key
    financialservices.v1instances.createCreate an AML AI instance
    financialservices.operations.getGet an AML AI operation
    cloudkms.cryptoKeys.getIamPolicyGet the IAM policy on a Cloud KMS key
    cloudkms.cryptoKeys.setIamPolicySet the IAM policy on a Cloud KMS key
    bigquery.datasets.createCreate a BigQuery dataset
    bigquery.datasets.getGet a BigQuery dataset
    bigquery.transfers.getGet a BigQuery Data Transfer Service transfer
    bigquery.transfers.updateCreate or delete a BigQuery Data Transfer Service transfer
    bigquery.datasets.setIamPolicySet the IAM policy on a BigQuery dataset
    bigquery.datasets.updateUpdate a BigQuery dataset
    financialservices.v1datasets.createCreate an AML AI dataset
    financialservices.v1engineconfigs.createCreate an AML AI engine config
    financialservices.v1models.createCreate an AML AI model
    financialservices.v1backtests.createCreate an AML AI backtest result
    financialservices.v1backtests.exportMetadataExport metadata from an AML AI backtest result
    financialservices.v1instances.importRegisteredPartiesImport registered parties into an AML AI instance
    financialservices.v1predictions.createCreate an AML AI prediction result
    bigquery.jobs.createCreate a BigQuery job
    bigquery.tables.getDataGet data from a BigQuery table
    financialservices.v1predictions.deleteDelete an AML AI prediction result
    financialservices.v1backtests.deleteDelete an AML AI backtest result
    financialservices.v1models.deleteDelete an AML AI model
    financialservices.v1engineconfigs.deleteDelete an AML AI engine config
    financialservices.v1datasets.deleteDelete an AML AI dataset
    financialservices.v1instances.deleteDelete an AML AI instance
    bigquery.datasets.deleteDelete a BigQuery dataset