Set up Gemini Cloud Assist

Before you can use Gemini Cloud Assist , your administrator needs to perform the setup steps that are described in this document. Gemini Cloud Assist can be set up for a project or a folder .

Set up Gemini Cloud Assist for a project

The following steps detail how to set up Gemini Cloud Assist for a project in the Google Cloud console or using Google Cloud CLI.

Console

Go to the Admin for Geminipage.

Go to Gemini for Google Cloud
From the project picker at the top of the page, select your project resource.
Select Get Gemini Cloud Assist.
In the Get Gemini Cloud Assistdialog, do the following:
1. Select the expander arrow found in the Required & recommended APIssection.
2. Ensure the following required APIs are enabled: Gemini Cloud Assist APIand Gemini for Google Cloud API.
3. In the Recommended APIslist, select the APIs you want to enable.
4. Optional: Select Help Google improve Cloud Assist by sharing your prompts and answers.
5. Select Enable Gemini Cloud Assist at no cost.
Click Save.
Grant the IAM roles that are required to use Gemini Cloud Assist.
1. Go to the IAM & Adminpage.
  
  Go to IAM & Admin
2. In the Principalcolumn, find a principal for which you want to give access to Gemini Cloud Assist, and then click Edit principalin that row.
3. In the Edit accesspane, click Add another role.
4. In Select a role, select Gemini Cloud Assist User.
5. Click Add another roleand select Recommender Viewer.
6. If the principal wants to get assistance with products they don't already have access to, you might need to grant them additional IAM roles by clicking Add another roleand selecting additional roles. See IAM requirements for using Gemini Cloud Assist for a table of IAM roles that enable an optimal Gemini Cloud Assist experience for different products.

gcloud

In the Google Cloud console, activate Cloud Shell.

Activate Cloud Shell
Enable the Gemini Cloud Assist API using the gcloud services enable command :
```
 gcloud  
services  
 enable 
  
geminicloudassist.googleapis.com 
```
This step also enables the Gemini for Google Cloud API, which is also required to use Gemini Cloud Assist.

If you want to enable the Gemini Cloud Assist API in a different Google Cloud project, add the --project parameter:
```
 gcloud  
services  
 enable 
  
geminicloudassist.googleapis.com  
--project  
 PROJECT_ID 
 
```
The output is similar to the following:
```
Waiting for async operation operations/acf.2e2fcfce-8327-4984-9040-a67777082687 to complete...
Operation finished successfully.
```
(Optional) Enable recommended APIs using the gcloud services enable command as you did to enable the Gemini Cloud Assist API.
Grant IAM roles in a Google Cloud project. For more information, see Grant a single role and gcloud projects add-iam-policy-binding .
1. Grant the roles/geminicloudassist.user role:
```
gcloud projects add-iam-policy-binding PROJECT_ID 
\
  --member= PRINCIPAL 
--role=roles/geminicloudassist.user
```
  Replace the following:
  - PROJECT_ID : the ID of your Google Cloud project—for example, 1234567890 .
  - PRINCIPAL : the identifier for the principal—for example, user:cloudysanfrancisco@gmail.com .
  The output is a list of policy bindings that includes the following:
```
 - members:
  - user: PRINCIPAL 
role: roles/geminicloudassist.user 
```
2. Repeat the previous step for the role roles/recommender.viewer .
3. If the principal wants to get assistance with products they don't already have access to, you might need to grant them additional IAM roles. See IAM requirements for using Gemini Cloud Assist for a table of IAM roles that enable an optimal Gemini Cloud Assist experience for different products.

API

These instructions use cURL to call API methods.

Enable the Gemini Cloud Assist API using the services.enable method :
```
curl -X POST \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://serviceusage.googleapis.com/v1/projects/ PROJECT_ID 
/services/geminicloudassist.googleapis.com:enable"
```
Replace PROJECT_ID with the ID of the project for which you are enabling Gemini Cloud Assist.

If the command succeeds, it returns a long-running operation , which includes a name field. You can use the value in the name field to check the status of the operation .

Note: Enabling the service geminicloudassist.googleapis.com also enables the service cloudaicompanion.googleapis.com , which is required to use Gemini Cloud Assist.
(Optional) Enable recommended APIs using the services.enable method as you did to enable the Gemini Cloud Assist API.
Grant IAM roles for the associated Google Cloud project.
1. Create a JSON file that contains the following information:
```
{
    "options": {
      "requestedPolicyVersion": 3
    }
  }
```
2. Retrieve the existing IAM policy for the project using the projects.getIamPolicy method :
```
curl -X POST --data-binary @ JSON_FILE_NAME 
\
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json" \
    "https://cloudresourcemanager.googleapis.com/v1/projects/ PROJECT_ID 
:getIamPolicy"
```
  Replace the following:
  - JSON_FILE_NAME : the path for the JSON file that you created in the previous step.
  - PROJECT_ID : the ID for the project.
  If successful, the response returns the project's IAM policy.
3. Copy the project's IAM policy to an empty JSON file, and add the following information to the existing content:
```
{
    "role": "roles/geminicloudassist.user",
    "members": [
      " PRINCIPAL 
"
    ]
  },
  {
    "role": "roles/recommender.viewer",
    "members": [
      " PRINCIPAL 
"
    ]
  }
```
  Replace PRINCIPAL with the identifier for the principal to which you are granting Gemini Cloud Assist access.
4. Apply the updated IAM policy to the project using the projects.setIamPolicy method :
```
curl -X POST --data-binary @ JSON_FILE_NAME 
\
    -H "Authorization: Bearer $(gcloud auth print-access-token)" \
    -H "Content-Type: application/json" \
    "https://cloudresourcemanager.googleapis.com/v1/projects/ PROJECT_ID 
:setIamPolicy"
```
  Replace the following:
  - JSON_FILE_NAME : the path for the JSON file that you created in the previous step.
  - PROJECT_ID : the ID for the project.
  If successful, the response returns the project's updated IAM policy.
5. If the principal wants to get assistance with products they don't already have access to, you might need to grant them additional IAM roles. See IAM requirements for using Gemini Cloud Assist for a table of IAM roles that enable an optimal Gemini Cloud Assist experience for different products.

Set up Gemini Cloud Assist for a folder

The following steps detail how to set up Gemini Cloud Assist for a folder using the Google Cloud console. You can't use the Google Cloud CLI or the API to set up Gemini Cloud Assist for folders.

Enable required and recommended APIs.
1. Go to the Admin for Geminipage.
  
  Go to Admin for Gemini
2. From the project picker at the top of the page, select your folder resource.
3. Select Enable Cloud Assist APIs.
  
  The Enable API for existing projects within folderdialog appears.
4. In the Enable API for existing projects within a folderdialog, select the expander arrow found in the Required & recommended APIssection.
5. In the Recommended APIslist, select any optional APIs you want to enable.
6. Optional: Select Help Google improve Cloud Assist by sharing your prompts and answers.
7. Select Enable Gemini Cloud Assist at no cost.
  
  This step enables the required and selected recommended APIs for all projects in the folder. If you want exceptions for some projects in the folder, then you can block API enablement by setting a Restrict Resource Service Usage organization policy constraint on those projects. For more information, see Restricting resource usage .
Grant the following IAM roles or create custom roles with equivalent permissions on the folder :
- Cloud Assist User
- Cloud Asset Viewer
- Recommender Viewer
If the principal wants to get assistance with products they don't already have access to, you might need to grant them additional IAM roles. See IAM requirements for using Gemini Cloud Assist for a table of IAM roles that enable an optimal Gemini Cloud Assist experience for different products.
If you are using Gemini Cloud Assist with applications, then you must also enable application management at the folder level . This step creates a management project to which you must link a billing account.
1. Return to the Admin for Geminipage.
  
  Go to Admin for Gemini
2. Select Enable App Management.
  
  The IAM & Adminsettings page appears.
3. Select Enablein the App-enablementsection of the page.
  
  The Enable application APIs on this folderdialog appears.
4. Select Enable.
  
  A status bar displays the progress of the API enablement. The IAM & Adminsettings page refreshes when API enablement completes.
5. Select Manage billing.
  
  The Linked accountpage appears.
6. Select a billing account from the list, and then select Set account.
Grant the IAM roles that you granted to the folder in step 2, or create custom roles with equivalent permissions to the management project created in the previous step.

Find the management project for the folder:
1. Return to the Admin for Geminipage.
  
  Go to Admin for Gemini
2. From the project picker at the top of the page, select your folder resource.
3. Select Manage Gemini Cloud Assist Settings.
  
  The Manage Gemini Cloud Assistdialog appears.
4. Note the Management project.
(Optional) Configure settings for projects in the folder .

What's next

Learn about Gemini Cloud Assist pricing .
Learn how to use the Cloud Assistpanel in the Google Cloud console .