Configure Cross-account Catalog to Access GCP Hive Metastore
To connect your e6data Workspace to a Hive Metastore and GCS data source in a different project, please follow the steps below:
Create a Custom IAM Role in the Project Hosting the Cloud Storage Bucket
Navigate to IAM & Admin:
Open the Google Cloud Console: Google Cloud Console.
Go to
IAM & Admin
>Roles
.
Create a New Role:
Click on "Create role".
Enter a Title and Description for the role (e.g., "e6data Custom Role").
Add Permissions:
In the "Permissions" section, add the following permissions:
These permissions will allow the e6data service account to interact with the bucket.
Save the Role:
Click "Create" to save the newly created custom role.
Assign the Custom IAM Role to the e6data Service Account
Access Cloud Storage:
Open the Google Cloud Console: Google Cloud Console.
Navigate to "Cloud Storage" by selecting it from the menu.
Select the Relevant Bucket:
Click on the bucket to which you need to grant access.
Open the Permissions Tab:
In the bucket details page, go to the "Permissions" tab to view the existing IAM policies.
Add a New Member:
Click the "+ Add" button to add a new member to the bucket's IAM policy.
Enter the Service Account’s Email Address:
Input the email address of the e6data service account created as part of the workspace infrastructure in the primary project.
Assign the Custom Role:
Choose the custom role you created in the previous step. Select "Custom" from the role options and enter the role name.
Save Changes:
Click "Save" to apply the new IAM policy to the bucket.
Last updated