Prerequisites
Before you begin, please ensure you have the following:- Permissions to create service accounts and assign IAM roles in your Google Cloud Platform (GCP) project.
- The name of the GCS bucket you want to connect.
- Configure Cross-Origin Resource Sharing (CORS) on your GCS account.
Step 1: Create a custom service account in GCP
First, you will create a new service account in your GCP project that Labelbox will use to access your data.- In the Google Cloud Console, navigate to IAM & Admin > Service Accounts.
- Click Create Service Account.
- Enter a Service account name (e.g.,
labelbox-integration-svc) and a brief description. - Click Create and Continue. You do not need to grant this service account access to the project or grant users access to this service account in this step.
- Click Done.
- From the list of service accounts, copy the email address of the service account you just created. You will need it in the next steps.
Step 2: Assign IAM roles to the service account
Next, you need to grant the new service account the necessary permissions to read data from your GCS bucket and to create security tokens.Part A: Grant access to the GCS bucket
- Navigate to your GCS bucket by going to Cloud Storage > Buckets.
- Select the bucket you want to connect and go to the Permissions tab.
- Click Grant Access.
- In the New principals field, paste the email address of the service account you created in Step 1.
- In the Assign roles dropdown, select the Storage Object Viewer role.
- Click Save.
Part B: Grant service account token creator role
- Navigate back to IAM & Admin > Service Accounts and select the service account you created.
- Go to the Permissions tab for that service account.
- Click Grant Access.
- In the New principals field, paste the same service account email address.
- In the Assign roles dropdown, select the Service Account Token Creator role.
- Click Save.
Step 3: Grant Labelbox access to your service account
Now, you will authorize the official Labelbox service account to act on behalf of the service account you created.- Navigate back to IAM & Admin > Service Accounts and select the service account you created.
- Go to the Permissions tab for that service account.
- Click Grant Access.
- In the New principals field, paste the official Labelbox service account email:
client-gcp-production@labelbox-prod.iam.gserviceaccount.com. - In the Assign roles dropdown, select the Service Account Token Creator role.
- Click Save.
Step 4: Complete the integration in Labelbox
Finally, return to Labelbox to complete the integration setup.- In Labelbox, navigate to Settings > Integrations and click New integration.
- Select Google Cloud Platform.
- On the integration page, provide the following details:
- Integration Name: A descriptive name for your integration.
- GCS Bucket Name: The name of your GCS bucket (e.g.,
my-bucket). - Service Account Email: The email address of the custom service account you created in Step 1.
- Click Save integration.
Step 5: Upload your data
Once the connection is successfully established, you can begin uploading your data to Labelbox.Import image data
Import text data
Import document data
Import HTML data
Import video data
Import geospatial data
Import audio data
rowData for each Data Row will be updated as follows (the queryParams contain signing information):
<https://storage.googleapis.com/${bucket}/${key}?{queryParams}>
Please ensure that you are using
gsutil URIs during data import (JSON file or Python SDK).Example: gs://gcs-lb-demo-bucket/test.png