Creating an Apache Iceberg REST catalog in the Google Cloud console establishes a management endpoint within the Lakehouse runtime catalog. This endpoint points to an underlying Cloud Storage warehouse bucket, providing a metadata layer that lets multiple query engines interact directly with your open table formats.
When creating your catalog for Lakehouse for Apache Iceberg, you can choose between end-user credentials or credential vending mode for storage access delegation.
Before you begin
-
Verify that billing is enabled for your Google Cloud project.
-
Enable the BigLake API.
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission. Learn how to grant roles.
Required roles
To get the permissions that you need to create a catalog in the Google Cloud console, ask your administrator to grant you the following IAM roles on your project:
- BigLake Admin (
roles/biglake.admin) - Storage Admin (
roles/storage.admin)
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
Create a catalog
In the Google Cloud console, open the Lakehouse page.
Click Create catalog. The Create catalog page opens.
For Select a Cloud Storage bucket, enter the name of the Cloud Storage bucket to use with your catalog. Alternatively, click Browse to choose from a list of existing buckets or to create a new one. You can only have one catalog per Cloud Storage bucket.
For Authentication method, select either End-user credentials or Credential vending mode.
Click Create.
Your catalog is created and the Catalog details page opens.
Under Authentication method, click Set bucket permissions.
In the dialog, click Confirm.
This verifies that your catalog's service account has the Storage Object User role on your storage bucket.