> ## Documentation Index
> Fetch the complete documentation index at: https://docs.streamnative.io/llms.txt
> Use this file to discover all available pages before exploring further.

# BigLake for Iceberg

This guide describes how to prepare a Google BigLake metastore for use with StreamNative Ursa as an Iceberg REST catalog.

For background, see the Google Cloud documentation: [Use the BigLake metastore Iceberg REST catalog](https://docs.cloud.google.com/biglake/docs/blms-rest-catalog).

## Prerequisites

* A GCP project with permissions to create BigLake catalogs and modify IAM roles
* A StreamNative Ursa cluster running on GCP

## 1. Create a BigLake Catalog

In the Google Cloud Console, search for **BigLake**.

<img src="https://mintcdn.com/streamnative/IhGBhfNZfZHreuAr/images/ursa-lakehouse/biglake-01.webp?fit=max&auto=format&n=IhGBhfNZfZHreuAr&q=85&s=e758c7de67657080beee0079b4f5cd49" alt="Search BigLake" width="1920" height="959" data-path="images/ursa-lakehouse/biglake-01.webp" />

Create a new catalog by selecting a Cloud Storage bucket.

> **Important:**
>
> * The bucket must be in the **same region** as your StreamNative Ursa cluster, otherwise cross-region traffic and latency are introduced.
> * BigLake does not support sub-directories within a bucket. Each BigLake catalog maps to exactly one bucket (1:1 mapping).

In the **Authentication** section, choose **Credential vending mode**.

<img src="https://mintcdn.com/streamnative/IhGBhfNZfZHreuAr/images/ursa-lakehouse/biglake-02.webp?fit=max&auto=format&n=IhGBhfNZfZHreuAr&q=85&s=475438a39f484d3d994266b11c9cd2b7" alt="Credential vending mode" width="1920" height="1519" data-path="images/ursa-lakehouse/biglake-02.webp" />

After the catalog is created, view the catalog details to obtain the **REST Catalog URI**, **GCS Warehouse**, and **Project**.

<img src="https://mintcdn.com/streamnative/IhGBhfNZfZHreuAr/images/ursa-lakehouse/biglake-03.webp?fit=max&auto=format&n=IhGBhfNZfZHreuAr&q=85&s=28f60d35fdc52e36e36edc382172bafb" alt="Catalog information" width="1920" height="1246" data-path="images/ursa-lakehouse/biglake-03.webp" />

Click **Set bucket permissions** to grant the BigLake service account access to the bucket.

<img src="https://mintcdn.com/streamnative/IhGBhfNZfZHreuAr/images/ursa-lakehouse/biglake-04.webp?fit=max&auto=format&n=IhGBhfNZfZHreuAr&q=85&s=27490296e087a630340a4d03781fd0df" alt="Set bucket permissions" width="1920" height="1220" data-path="images/ursa-lakehouse/biglake-04.webp" />

## 2. Grant IAM Roles to the Ursa Broker Service Account

Locate the StreamNative Ursa broker service account (the format is typically `iamaccount-<id>@<gcp-project>.iam.gserviceaccount.com`).

<img src="https://mintcdn.com/streamnative/IhGBhfNZfZHreuAr/images/ursa-lakehouse/biglake-05.webp?fit=max&auto=format&n=IhGBhfNZfZHreuAr&q=85&s=7e9a9598c17e0f623701d4c6ebdf581a" alt="Broker service account" width="1920" height="595" data-path="images/ursa-lakehouse/biglake-05.webp" />

In the GCP IAM console, grant the broker service account the following roles:

* **BigLake Editor**
* **Storage Object User**
* **Service Usage Consumer**

<img src="https://mintcdn.com/streamnative/IhGBhfNZfZHreuAr/images/ursa-lakehouse/biglake-06.webp?fit=max&auto=format&n=IhGBhfNZfZHreuAr&q=85&s=7224c82cb11f02aed199a013f2c2f804" alt="Grant IAM roles" width="1703" height="1920" data-path="images/ursa-lakehouse/biglake-06.webp" />

<img src="https://mintcdn.com/streamnative/IhGBhfNZfZHreuAr/images/ursa-lakehouse/biglake-07.webp?fit=max&auto=format&n=IhGBhfNZfZHreuAr&q=85&s=ce32f201a5a03d7e53977fdf7214c2ab" alt="Grant IAM roles" width="1920" height="363" data-path="images/ursa-lakehouse/biglake-07.webp" />

## Catalog Information Summary

When the steps above are complete, collect the following values for the StreamNative Ursa compaction service. Several values are fixed for any BigLake catalog -- copy them as-is.

| Value                                        | Description                                                                                              |
| -------------------------------------------- | -------------------------------------------------------------------------------------------------------- |
| `iceberg.catalog-backend`                    | `BIGLAKE`                                                                                                |
| `iceberg.type`                               | `rest`                                                                                                   |
| `iceberg.uri`                                | The **REST Catalog URI** from step 1 (typically `https://biglake.googleapis.com/iceberg/v1/restcatalog`) |
| `iceberg.warehouse`                          | The **GCS Warehouse** from step 1 (e.g., `gs://<bucket-name>`)                                           |
| `iceberg.header.x-goog-user-project`         | The **Project** from step 1                                                                              |
| `iceberg.rest.auth.type`                     | `org.apache.iceberg.gcp.auth.GoogleAuthManager` (fixed)                                                  |
| `iceberg.io-impl`                            | `org.apache.iceberg.gcp.gcs.GCSFileIO` (fixed)                                                           |
| `iceberg.rest-metrics-reporting-enabled`     | `false` (fixed -- BigLake does not yet support REST metrics reporting)                                   |
| `iceberg.header.X-Iceberg-Access-Delegation` | `vended-credentials` (fixed)                                                                             |

For the next steps, see [Configure Lakehouse Catalogs](../../configure-lakehouse-catalogs).