Provisioning Federated Credentials
Setting up Federated Credentials in Google Cloud Platform
The most secure method for connecting data from your Azure storage to Deep Lake is using Federated Credentials, which are set up using the steps below:
Step 1: Create Google Cloud Service Account
1. If you already have a service account, skip to Step 2
2. Navigate to IAM & Admin -> Service Accounts -> CREATE SERVICE ACCOUNT
3. Enter the service account id, and optional name and description. Make sure to copy the email address and and click on CREATE AND CONTINUE.
4. Click CONTINUE without entering any information.
5. Enter [email protected] in the Service account users role and click DONE.
Step 2: Grant Access to the bucket using a Service Account Principal
1. Navigate to Cloud Storage and Buckets.
2. Select Edit Access for the bucket you want to connect to Activeloop.
3. Select Add Principal.
4. Enter the Service Account Email, select the role as Storage Object Admin, and click Save. If the bucket is encrypted with customer managed KMS key, then Cloud KMS CryptoKey Encrypter/Decrypter should be added in the Role field as well.
Step 3: Enter the Service Account Email (Step 2) into the Activeloop App
See the first video in the managed credentials overview