Google Cloud Storage

Import your GCS bucket data via IAM Delegated Access.

When you use IAM delegated access to add your unlabeled data to Labelbox, you can keep your assets in GCS and grant Labelbox read-only access to your Google Cloud buckets.

GCP Delegated Access client request flowGCP Delegated Access client request flow

GCP Delegated Access client request flow

Part 1: Create GCP Integration in Labelbox

First, you will need to open a new integration in the Labelbox UI.

  1. Navigate to the Integrations tab.

  2. Click New integration.

  3. Specify your GCS bucket name and click Save integration.

  1. Copy the Service Account Email ID and click Finish setup.

Part 2: Configure GCP bucket IAM permissions

Next, you will need to configure the settings in your GCP account for this integration.

🚧

Spaces in filenames can be problematic

For optimal performance, eliminate all spaces in filenames before uploading them to your Google Cloud bucket.

  1. In your GCS account, navigate to your GCS bucket permissions.

  2. Click Add permissions.

  3. Paste the Service Account Email ID you copied in Part 1.

  4. Select the Storage Object Viewer predefined role that grants read access to the bucket. Learn more here. Make sure that you are using the new roles only. It is a common mistake to select a legacy role with a similar name.

  5. Click Save to finalize the permission settings.

Add **Storage Object Viewer** roleAdd **Storage Object Viewer** role

Add Storage Object Viewer role

📘

Note

Only one bucket is supported per integration.

Part 3: Configure CORS

Follow these instructions to set up the appropriate CORS for the Google Cloud Storage bucket.

Part 4: Validate integration

Finally, you will need to validate whether the integration was set up properly in the Labelbox UI.

  1. Create and upload a JSON file containing sample data to Labelbox.

  2. Ensure that the Google integration you just created is set as the default or specified during dataset creation.

  3. Create a project, attach the dataset, and open the dataset in the Labelbox Editor to validate that the integration is functioning properly.

If a dataset is signed by a GCP IAM integration, Labelbox will attempt to sign all Data Rows with this integration. The value of rowData for each Data Row will be updated as follows:

https://storage.googleapis.com/${bucket}/${key}?{queryParams}

The queryParams contain signing information.

📘

Only gsutil URIs are supported

Please ensure that you are using gsutil URIs during data import (JSON file or Python SDK).

Example gsutil URI: gs://gcs-lb-demo-bucket/test.png


Did this page help you?