You will connect Elementary Cloud to Bigquery for syncing the Elementary schema (created by the Elementary dbt package).

Create service account:

  1. In the Cloud Console, go to: IAM & Admin > Service Accounts
  2. Click on 'CREATE SERVICE ACCOUNT'
Create service account
  1. Fill in the service account name ('elementary') and account description ('Elementary Data') and click 'CREATE AND CONTINUE':
Create and Continue
  1. Now we need to configure the relevant permissions for this new service account. Select the following role: BigQuery Job User (you will need to grant read access to specific datasets later).
  2. The last step is optional, skip it and press done.
  1. Press on the dots icon to the right of your screen for your new service account and select 'Manage keys':
Manage keys
  1. Press on 'ADD KEY' and select 'Create new key':
Add Key
  1. Use the 'JSON' option radio button and press 'CREATE':
JSON
  1. This will automatically generate and download a JSON file with your private key information for this service account. This JSON file provides the credentials to programmatically connect and work with your BigQuery environment.

Grant service user access to specific datasets

In order for a service user to work with Elementary cloud, it requires the following permissions:
  • Role "BigQuery Data Viewer" on your Elementary dataset.
  • Roles "BigQuery Metadata Viewer", "BigQuery Resource Viewer" on the entire project and any external sources it is referencing.
To grant a role on a specific dataset, follow these steps:
  1. Go to your project in BigQuery console
  2. In the "Explorer" tab, find your desired dataset.
  3. Click on the three dots icon next to the dataset name, then Share.
Dataset share
  1. Click the "ADD PRINCIPAL" button on the top right corner.
Add principal
  1. Fill out the form:
    • In the "New principals" textbox, write the email address of your user.
    • In the "Select a role" dropdown menu, choose the desired role (BigQuery Data Viewer for your Elementary dataset, BigQuery Metadata Viewer, BigQuery Resource Viewer for your dbt dataset).
    • Click "Save".
Grant access Make sure to grant the correct access to your Elementary dataset and your dbt dataset.

Permissions and security

Elementary cloud doesn't require read permissions to your tables and schemas, but only the following:
  • Read-only access to the elementary schema.
  • Access to read metadata in information schema and query history, related to the tables in your dbt project.
It is recommended to create a user using the instructions specified above to avoid granting excess privileges. For more details, refer to security and privacy.

Fill the connection form

Provide the following fields:
  • Service account file: The service account file you generated for Elementary. For more information, refer to Create BigQuery service account.
  • Project: The name of your BigQuery project.
  • Elementary dataset: The name of your Elementary dataset. Usually [dataset name]_elementary.
  • Location: Use this field to configure the location of BigQuery datasets as per the BigQuery documentation.

Add the Elementary IP to allowlist

Elementary IP for allowlist: 3.126.156.226

Need help with onboarding?

We can provide support on Slack or hop on an onboarding call.