You can run the Cloud Life Sciences API in Shared VPC. Using Shared VPC, you can connect resources from multiple projects to a common Virtual Private Cloud (VPC) network, so that they can communicate with each other securely and efficiently using internal IPs from that network.
To provision Shared VPC, you must
grant the roles/compute.networkUser
role to the Cloud Life Sciences Service Agent service account in the host project.
The service account uses the format
service-PROJECT_NUMBER@gcp-sa-lifesciences.iam.gserviceaccount.com.
To grant the roles/compute.networkUser
role, run the gcloud projects add-iam-policy-binding
command. To find the PROJECT_ID and PROJECT_NUMBER
of the Shared VPC host project,
see Identifying projects.
gcloud projects add-iam-policy-binding PROJECT_ID \ --member=serviceAccount:service-PROJECT_NUMBER@gcp-sa-lifesciences.iam.gserviceaccount.com \ --role=roles/compute.networkUser
If the request is successful, the command prompt displays a message similar to the following sample:
Updated IAM policy for project [PROJECT_ID]. bindings: ... - members: - serviceAccount:service-PROJECT_NUMBER@gcp-sa-lifesciences.iam.gserviceaccount.com role: roles/computet.networkUser ... etag: VALUE version: VALUE