AdministrationData connections

Connecting Google Cloud Storage

Commercial & Enterprise

Connect Google Cloud Storage containers to AI Hub.

About this connection

Review the following functionality, limitations, and other considerations when connecting a Google Cloud Storage container.

  • Functionality — Connected Google Cloud Storage containers are supported for use as a source of input files, a destination for file output, and as an upstream or downstream integration in deployments.

  • Authentication — AI Hub requires the use of a Google Cloud Storage service account to connect to your storage container. AI Hub authenticates using a private key file associated with the service account.

  • Supported content — Any supported file types. You can specify a specific folder path as the mount point, otherwise the container’s root directory (/) is mounted and all contents are accessible.

Connecting Google Cloud Storage

Before you begin

Ensure you’ve set up a Google Cloud Storage account with the required roles and access and generated a private key file. For guidance, see Configuring a Google Cloud Storage service account.

  1. In Workspaces, select a workspace to connect the drive to, then select the Data tab.

  2. Click Add data source, then select Google Cloud Storage.

  3. Select an audience.

    • Workspace members (Recommended) — Connect the drive to the selected workspace. Only members of the selected workspace have access.

    • Organization members — Connect the drive at the organization level, making it available to all workspaces.

  4. Enter a display name for the drive. This name can’t be changed later.

  5. Fill in your authentication and container details, then click Next.

    SettingRequiredDescription
    Bucket nameRequiredThe name of your Google Cloud Storage bucket.
    Path to driveOptionalA prefix to mount all files in the Google Cloud Storage bucket. Leave empty to accept default (mounting to root).
    Server-side encryption typeRequiredThe following server-side encryption types are supported:

    • GCS AES-256 — Uses Google-managed server-side encryption of files.

    • GCS KMS — Uses Google Cloud Key Management Service (KMS) for server-side encryption of files. When selected, a valid server-side encryption KMS key ID is required.
    Server-side encryption KMS key IDVisible and required when Server-side encryption type is set to GCS KMS.The Cloud KMS Resource ID.
    See the Google Cloud Getting a Cloud KMS Resource ID documentation for additional information.
    Upload the private key file for your Google Cloud Storage service accountRequiredThe credentials for your Google Cloud Storage service account. Upload the credentials as a .json file.

  6. Click Add.

Configuring a Google Cloud Storage service account

Connecting Google Cloud Storage as a drive requires a Google Cloud Storage service account. The Google Cloud Storage documentation is the most up-to-date reference, but the general process is described here.

  1. From the Google Cloud console, create a Google Cloud Storage bucket with uniform access control. For improved security, create it as a private bucket.

  2. Create a service account in Google Cloud’s Identity and Access Management (IAM) system.

  3. In the Google Cloud console, create a key pair for the service account, selecting JSON as the key type.

  4. Download the JSON credentials file for the service account.

  5. Assign the service account the Storage Admin and Storage Object Admin roles for bucket access.

    For more details, see the Google IAM permission documentation.

  6. Find the Client ID for the service account (available on the Service accounts page).

  7. Using a Google Workplace administrator account, search for the service account’s client ID, and grant the service account access to the Google Cloud Platform OAuth scope www.googleapis.com/auth/cloud-platform.

    See the Google service account documentation for further guidance.

Updating a connection

Select configuration changes are supported.

  • You can update the service account’s private key file.

  1. In Workspaces, select All workspaces, then select the Data tab.

  2. Click the overflow icon Icon with three stacked vertical dots. of the drive to update, then select Modify configuration.

  3. Make any changes, then click Update to confirm.

Removing a connection

You can remove a connected drive to disconnect it and revoke AI Hub’s access to its contents.

Before you begin

Review the following limitations:

  • Removing a drive completely disconnects the drive from AI Hub. Any processed AI Hub files stored on the drive aren’t deleted, but AI Hub loses the ability to reference those files in the future. While you can later reconnect the drive, doing so doesn’t restore the ability to reference files previously saved to the drive. To reference such files, you must re-upload them.

  1. In Workspaces, select All workspaces, then select the Data tab.

  2. Click the overflow icon Icon with three stacked vertical dots. of the drive to remove, then select Remove.

  3. Type the confirmation text, then click Remove.