Configure Cross-account Catalog to Access GCP Hive Metastore

To connect your e6data Workspace to a Hive Metastore and GCS data source in a different project, please follow the steps below:

Create a Custom IAM Role in the Project Hosting the Cloud Storage Bucket

Navigate to IAM & Admin:

Open the Google Cloud Console: Google Cloud Console.
Go to IAM & Admin > Roles.

Create a New Role:

Click on "Create role".
Enter a Title and Description for the role (e.g., "e6data Custom Role").

Add Permissions:

In the "Permissions" section, add the following permissions:

storage.objects.getIamPolicy
storage.objects.get
storage.objects.list

These permissions will allow the e6data service account to interact with the bucket.

Save the Role:

Click "Create" to save the newly created custom role.

Assign the Custom IAM Role to the e6data Service Account

Access Cloud Storage:

Open the Google Cloud Console: Google Cloud Console.
Navigate to "Cloud Storage" by selecting it from the menu.

Select the Relevant Bucket:

Click on the bucket to which you need to grant access.

Open the Permissions Tab:

In the bucket details page, go to the "Permissions" tab to view the existing IAM policies.

Add a New Member:

Click the "+ Add" button to add a new member to the bucket's IAM policy.

Enter the Service Account’s Email Address:

Input the email address of the e6data service account created as part of the workspace infrastructure in the primary project.

Assign the Custom Role:

Choose the custom role you created in the previous step. Select "Custom" from the role options and enter the role name.

Save Changes:

Click "Save" to apply the new IAM policy to the bucket.

PreviousConfigure Cross-account Catalog to Access AWS Glue NextManage Catalogs

Last updated 3 months ago

#930: Cross account hive GCP

Change request updated 3 months ago