Skip to content
V2
/
/
Data Delivery Using GCS
Last updated

Data Delivery Using GCS

How to Set Up GCS Delivery

The following step-by-step instructions describe how to configure IAM access permissions for Forager in your Google Cloud console so that you can use a Cloud Storage bucket to unload Forager data:

1. Creating a custom IAM role

Create a custom role that has the permissions required to access the bucket and get objects.

  1. Sign in to the Google Cloud console as a project editor.
  2. From the home dashboard, select IAM & Admin » Roles.
  3. Select Create Role.
  4. Enter a Title and optional Description for the custom role.
  5. Select Add Permissions.
  6. Filter the list of permissions, and add the following from the list:

Required permissions

  • storage.buckets.get
  • storage.objects.create
  • storage.objects.delete
  • storage.objects.list
  • storage.multipartUploads.abort
  • storage.multipartUploads.create
  • storage.multipartUploads.list
  • storage.multipartUploads.listParts
  1. Select Add.
  2. Select Create.

2. Assigning the Custom Role to Forager Cloud Storage Service Account

  1. Sign in to the Google Cloud console as a project editor.
  2. From the home dashboard, select Cloud Storage » Buckets.
  3. Filter the list of buckets, and select the bucket that you specified when you created your storage integration.
  4. Select Permissions » View by principals, then select Grant access.
  5. Under Add principals, paste the name of the the below service account, k9kb00000@awseucentral2-1-0c24.iam.gserviceaccount.com
  6. Under Assign roles, select the custom IAM role that you created previously, then select Save.

Important

If your Google Cloud organization was created on or after May 3, 2024, Google Cloud enforces a domain restriction constraint in project organization policies. The default constraint lists your domain as the only allowed value. You will need to modify your Organization Policy to allow for external services to access your bucket.

3. (Optional) Granting the Cloud Storage service account permissions on the Cloud Key Management Service cryptographic keys

Note

This step is required only if your GCS bucket is encrypted using a key stored in the Google Cloud Key Management Service (Cloud KMS).

  1. Sign in to the Google Cloud console as a project editor.
  2. From the home dashboard, search for and select Security » Key Management.
  3. Select the key ring that is assigned to your GCS bucket.
  4. Click SHOW INFO PANEL in the upper-right corner. The information panel for the key ring slides out.
  5. Click the ADD PRINCIPAL button.
  6. In the New principals field, search for the Forager service account name k9kb00000@awseucentral2-1-0c24.iam.gserviceaccount.com.
  7. From the Select a role dropdown, select the Cloud KMS CrytoKey Encryptor/Decryptor role.
  8. Click the Save button. The service account name is added to the Cloud KMS CrytoKey Encryptor/Decryptor role dropdown in the information panel.

4. Provide your bucket name to Forager

Once the bucket is set up, send the following details to Forager.ai:

  • gcs://<your-bucket-name>/<desired-path>

Our team will configure the data delivery to send data directly to your GCS bucket.

File output paths and file names

Read more about file paths here.

Need Help?

📩 For Support: Contact us at support@forager.ai.

Previous page
Next page