Google Cloud Storage

Import your GCS bucket data via IAM Delegated Access.

When you use IAM delegated access to add your unlabeled data to Labelbox, you can keep your assets in GCS and grant Labelbox read-only access to your Google Cloud buckets.

GCP Delegated Access client request flowGCP Delegated Access client request flow

GCP Delegated Access client request flow

Part 1: Create GCP Integration in Labelbox

  1. Navigate to the Integrations tab.

  2. Click New integration.

  3. Specify your GCS bucket name and click Save integration.

  1. Copy the Service Account Email ID and click Finish setup.

Part 2: Configure GCP bucket IAM permissions

  1. In your GCS account, navigate to your GCS bucket permissions.

  2. Click Add permissions.

  3. Paste the Service Account Email ID you copied in Part 1.

  4. Select the Storage Object Viewer predefined role that grants read access to the bucket. Learn more here. Please ensure that you are using the new roles only. It is a common mistake to select a legacy role with a similar name.

  5. Click Save to finalize the permission settings.

Add **Storage Object Viewer** roleAdd **Storage Object Viewer** role

Add Storage Object Viewer role

Part 3: Configure CORS

Follow these instructions to set up the appropriate CORS for the Google Cloud Storage bucket.

Part 4: Validate integration

  1. Create and upload a JSON file containing sample data to Labelbox.

  2. Ensure that the Google integration you just created is set as the default or specified during dataset creation.

  3. Create a project, attach the dataset, and open the dataset in the Labelbox Editor to validate that the integration is functioning properly.


Only gsutil URIs are supported

Please ensure that you are using gsutil URIs during data import (JSON file or Python SDK).

Example gsutil URI: gs://gcs-lb-demo-bucket/test.png


Row data

If a dataset is signed by a GCP IAM integration, we attempt to sign all its DataRows with this integration. The value of rowData for each DataRow will be updated as follows:${bucket}/${key}?{queryParams}

where the queryParams contain signing info


One bucket per integration

Only one bucket is supported per integration.


Spaces in filenames can be problematic

For optimal performance, eliminate all spaces in filenames before uploading them to your Google Cloud bucket.

Did this page help you?