Access resources from Google Cloud
This page describes how you can access Google Cloud (GCP) resources from your Anyscale Cloud deployed on GCP. If you want to access GCP resources from Anyscale Clouds deployed on AWS, contact our support team.
Anyscale Cluster Service Accounts
Each Anyscale Cloud on GCP has a default Service Account. By default, all Anyscale Clusters within the Cloud run with this Service Account. This Service Account looks like the following:
<Anyscale Cloud ID with dashes, not underscores>@<project_id>.iam.gserviceaccount.com
e.g. cld-xyzabc@<project_id>.iam.gserviceaccount.com
- For GCE-based deployments, the project ID is the GCP project associated with your cloud.
- For legacy GKE deployments, the Service Account can be found in the
Provider Identitycolumn in clouds table on the configurations page.
Determine the Service Account on a running Cluster by running:
python -c "import google.auth.transport.requests; c,_=google.auth.default(); \
c.refresh(google.auth.transport.requests.Request()); print(c.service_account_email)"
If you want to use an existing Service Accounts for Clusters, follow the instructions here.
Access data in Google Cloud Storage
You can perform operations on your GCS data on any Anyscale Cluster as long as the Service Account it runs with has proper permissions.
- Learn more about how to grant permission to your own GCS buckets
Access Secret stored in GCP Secret Manager
There are many situations where your application or Cluster needs access to Secrets stored in GCP Secret Manager.
- Learn more about how to grant permission to your own GCS buckets