Google BigQuery Destination
Use your existing Cloud Storage Bucket or create one if needed.
Follow the steps in the Cloud Storage documentation to create one.
Create a Custom IAM Role.
Use the permissions listed under Permissions Summary below and follow the IAM Role documentation.
Assign BigQuery and GCS Roles to your service account. Ensure your service account has the necessary roles to run the BigQuery load job.
BigQuery Roles:
BigQuery Data Editor: Grants permissions to read, create, update, and delete tables.
BigQuery Job User: Grants permissions to run jobs within the project.
    # To bind a service account rather than a user, use
    # --member=serviceAccount:<service-account-email>

    # Assign the BigQuery Data Editor role
    gcloud projects add-iam-policy-binding your-project-id \
      --member=user:your-email@example.com \
      --role=roles/bigquery.dataEditor

    # Assign the BigQuery Job User role
    gcloud projects add-iam-policy-binding your-project-id \
      --member=user:your-email@example.com \
      --role=roles/bigquery.jobUser
Create a new Service Account and assign Roles.
Follow the steps in the Service Account documentation to create a new service account and assign the roles from the previous step.
Grant Permissions to the Bucket.
Assign the required roles to the service account for the specific bucket by following the Bucket Permissions documentation.
Record Credentials.
Securely download and record the JSON key file for the new service account.
Permissions Summary
BigQuery Permissions
bigquery.jobs.create
bigquery.tables.update
bigquery.tables.create
bigquery.tables.get
bigquery.tables.delete
Google Cloud Storage Permissions
storage.buckets.get
storage.buckets.list
storage.objects.get
storage.objects.create
storage.objects.delete
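The custom role from the "Create a Custom IAM Role" step can be built from this summary and then checked for drift. The script below is an added example, not part of the original documentation: it prints the `gcloud iam roles create` command for these ten permissions and compares a granted permission list against them, flagging anything missing or beyond the minimum. The role ID `bq_destination_loader`, the project ID `your-project-id`, and the sample granted list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Role ID and project ID are placeholders.

# The ten permissions from the page's Permissions Summary, one per line.
required_permissions() {
  cat <<'EOF'
bigquery.jobs.create
bigquery.tables.update
bigquery.tables.create
bigquery.tables.get
bigquery.tables.delete
storage.buckets.get
storage.buckets.list
storage.objects.get
storage.objects.create
storage.objects.delete
EOF
}

# Print (do not run) the gcloud command that creates the custom role.
role_create_command() {
  printf 'gcloud iam roles create %s --project=%s --permissions=%s\n' \
    "$1" "$2" "$(required_permissions | paste -s -d, -)"
}

# Read granted permissions (one per line) on stdin and diff against the required set.
# Prints MISSING/EXTRA lines; returns 0 only when the two sets match exactly.
audit_permissions() {
  ap_granted="$(sort -u)"; ap_required="$(required_permissions)"; ap_rc=0
  while IFS= read -r ap_p; do
    printf '%s\n' "$ap_granted" | grep -Fxq -e "$ap_p" || { echo "MISSING $ap_p"; ap_rc=1; }
  done <<EOF
$ap_required
EOF
  while IFS= read -r ap_p; do
    [ -n "$ap_p" ] || continue
    printf '%s\n' "$ap_required" | grep -Fxq -e "$ap_p" || { echo "EXTRA $ap_p"; ap_rc=1; }
  done <<EOF
$ap_granted
EOF
  return "$ap_rc"
}

# Constructed sample: lacks bigquery.tables.delete, adds storage.buckets.delete.
sample_granted() {
  required_permissions | grep -v '^bigquery\.tables\.delete$'
  echo storage.buckets.delete
}

role_create_command bq_destination_loader your-project-id
sample_granted | audit_permissions || true
```

To audit a real role, pipe its permissions into `audit_permissions` one per line, for example taken from the `includedPermissions` field that `gcloud iam roles describe` returns.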