bigquery/ERR/2023_007

Data Transfer Service Agent exists and has the required roles.

Product: BigQuery Rule class: ERR - Something that is very likely to be wrong

Description

To verify that the BigQuery Data Transfer service agent exists and has been granted the IAM role roles/bigquerydatatransfer.serviceAgent, please navigate to the IAM page and click on the ‘Include Google-provided role grants’ check box. In the ‘VIEW BY PRINCIPALS’ tab, please check if a service account with the email address format service-<project_id>@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com exists and has the IAM role roles/bigquerydatatransfer.serviceAgent.

Remediation

If the Data Transfer service agent does not exist when the Data Transfer service API is enabled, then please create the service agent manually by following Manual Service Agent Creation

When you manually trigger service agent creation, Google doesn’t grant the predefined service agent role automatically. You must manually grant the service agent the predefined role using the following Google Cloud CLI command:

gcloud projects add-iam-policy-binding project_number \
--member serviceAccount:service-project_number@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com \
--role roles/bigquerydatatransfer.serviceAgent

Further information

Read more about BigQuery Data Transfer Service