Prepare IAM permissions and storage

Stay organized with collections Save and categorize content based on your preferences.

To prepare Google Cloud permissions and storage, choose one of the following options:

  • Recommended: Transfer Appliance Cloud Setup Application. Within the Google Cloud Console, you activate Google Cloud Shell and download a small application. The application prompts you for values and configures Google Cloud permissions and storage. Then you send relevant data to the Transfer Appliance Team.

  • Step-by-step configuration. You use either the Google Cloud console or a command line prompt to configure your Google Cloud permissions and storage. You apply all necessary changes and send relevant data to the Transfer Appliance Team.

Service account quick reference

The following service accounts and roles are required. They are configured during the setup process.

Service Account Roles Required in Customer Project Role Required in Destination Bucket Comment
SESSION_ID@transfer-appliance-zimbru.iam.gserviceaccount.com N/A Storage Admin For offline ingestion

project-TENANT_IDENTIFIER@storage-transfer-service.iam.gserviceaccount.com

The project identifier belongs to the tenant project.

N/A Storage Admin A Google-managed service agent for offline ingestion.

project-CUSTOMER_IDENTIFIER@storage-transfer-service.iam.gserviceaccount.com

The project identifier belongs to the customer project.

  • Pub/Sub Editor
Storage Admin A Google-managed service agent used for online transfer.

name@customer-project.iam.gserviceaccount.com

A customer-managed service account in your project, created as part of preparing for online transfer.

  • Pub/Sub Editor
  • Storage Transfer Admin
Storage Admin For online transfer only