Set up a Google Cloud project for TPUs

This document describes how to set up your Google Cloud project to use Cloud TPU VMs:

Create a Google Cloud project
Configure your Google Cloud project for Cloud TPU

Create a Google Cloud project

In the Google Cloud console, sign in to your Google Account or sign up for a new account.
Create a Google Cloud project. For more information, see Create a project.
Enable billing for your Google Cloud project. For more information, see the Cloud Billing documentation.

Billing for all Cloud TPU versions uses the standard regional pricing on the Cloud TPU pricing page.

Configure your Google Cloud project for Cloud TPU

You can configure your Google Cloud project using the Cloud Shell, a Compute Engine VM, or your local machine. The Cloud Shell lets you interact with TPU VMs without installing any software. The Cloud Shell disconnects after a period of inactivity. If you run long-running commands, you should install the Google Cloud CLI on your local machine. For more information about the Google Cloud CLI, see the gcloud Reference.

If you use a local machine or a Compute Engine VM, install the Google Cloud CLI. The Google Cloud CLI includes the gcloud command, which you use to work with Google Cloud resources and services.

Note: If you need a specific release of gcloud CLI components, install these components to ensure that relevant commands and flags are supported. For example, for alpha components, run gcloud components install alpha.
Note: If you installed the gcloud CLI previously, ensure you have the latest version by running gcloud components update.

Configure the gcloud command to use your project.

export PROJECT_ID=your-project-id
gcloud config set project $PROJECT_ID

Activate the Compute Engine API using gcloud or the Google Cloud console:
gcloud
gcloud services enable compute.googleapis.com
Console
1. In the Google Cloud console, go to the Compute Engine API page.
  
  Go to Compute Engine API
2. Click Enable.
Ensure your Google Cloud account has the following roles in your project:
- Compute Instance Admin (v1): This role lets you create and manage Compute Engine instances.
- Service Account User: This role lets you run operations as a service account.
- Service Account Admin: This role lets you create a service account.
- Project IAM Admin: This role lets you grant a role in a project.
To view your current roles, see View current access.

To add any missing roles, see Grant a single IAM role or ask your administrator to grant these roles for you.
Create a TPU service account:

Service accounts provide credentials for your TPU VMs to access other Google Cloud resources. To improve security, create a user-managed service account that has only the permissions your TPU VM requires. To use it, specify the service account with the --service-account flag when you create the TPU VM.
1. Follow the instructions in Create service accounts to create a user-managed service account.
2. Grant your service account the following roles so your TPU VM can access common Google Cloud services:
  - Storage Admin: This role provides access to Cloud Storage.
  - Logs Writer: This role lets you write logs with the Cloud Logging API.
  - Monitoring Metric Writer: This role lets you write metrics to Cloud Monitoring.
Note: If you don't specify a custom service account, your Cloud TPU uses the default Compute Engine service account.

What's next

Learn how to plan your Cloud TPU resources
Learn how to create TPUs
Learn how to manage TPUs