Skip to main content

Access resources from Google Cloud

Check your docs version

This version of the Anyscale docs is deprecated. Go to the latest version for up to date information.

This page describes how you can access Google Cloud (GCP) resources from your Anyscale Cloud deployed on GCP. If you want to access GCP resources from Anyscale Clouds deployed on AWS, contact our support team.

Anyscale Cluster Service Accounts

Each Anyscale Cloud on GCP has a default Service Account. By default, all Anyscale Clusters within the Cloud run with this Service Account. This Service Account looks like the following:

<Anyscale Cloud ID with dashes, not underscores>@<project_id>.iam.gserviceaccount.com
e.g. cld-xyzabc@<project_id>.iam.gserviceaccount.com
  • For GCE-based deployments, the project ID is the GCP project associated with your cloud.
  • For legacy GKE deployments, the Service Account can be found in the Provider Identity column in clouds table on the configurations page.
info

Determine the Service Account on a running Cluster by running:

python -c "import google.auth.transport.requests; c,_=google.auth.default(); \
c.refresh(google.auth.transport.requests.Request()); print(c.service_account_email)"
info

If you want to use an existing Service Accounts for Clusters, follow the instructions here.

Access data in Google Cloud Storage

You can perform operations on your GCS data on any Anyscale Cluster as long as the Service Account it runs with has proper permissions.

  • Learn more about how to grant permission to your own GCS buckets

Access Secret stored in GCP Secret Manager

There are many situations where your application or Cluster needs access to Secrets stored in GCP Secret Manager.

  • Learn more about how to grant permission to your own GCS buckets