Use the Bigtable remote MCP server
Preview
This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms, and the Additional Terms for Generative AI Preview Products. Pre-GA features are available "as is" and might have limited support. For more information, see the launch stage descriptions.
Model Context Protocol (MCP) standardizes the way large language models (LLMs) and AI applications or agents connect to outside data sources. MCP servers let you use their tools, resources, and prompts to take actions and get updated data from their backend service.
Local MCP servers typically run on your local machine and use the standard input and output streams (stdio) for communication between services on the same device. Remote MCP servers run on the service's infrastructure and offer an HTTP endpoint to AI applications for communication between the AI MCP client and the MCP server. For more information on MCP architecture, see MCP architecture.
This document describes how to use the Bigtable remote Model Context Protocol (MCP) server to connect to Bigtable from AI applications such as Gemini CLI, agent mode in Gemini Code Assist, Claude Code, or in AI applications that you're developing.
Google and Google Cloud remote MCP servers have the following features and benefits:
- Simplified, centralized discovery.
- Managed HTTP endpoints.
- Fine-grained authorization.
- Optional prompt and response security with Model Armor protection.
- Centralized audit logging.
For information about other MCP servers and information about security and governance controls available for Google Cloud MCP servers, see Google Cloud MCP servers overview.
Before you begin
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
  Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.
  Roles required to select or create a project:
  - Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
  - Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.
- Verify that billing is enabled for your Google Cloud project.
- Enable the Bigtable Admin API.
  Roles required to enable APIs: To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.
- Run the following command to install the cbt CLI:
      gcloud components install cbt
Required roles
To get the permissions that you need to enable the Bigtable MCP server, ask your administrator to grant you the following IAM roles on the project where you want to enable the Bigtable MCP server:
- Service Usage Admin (roles/serviceusage.serviceUsageAdmin)
- Make MCP tool calls: MCP Tool User (roles/mcp.toolUser)
- Full access to Bigtable resources: Bigtable Administrator (roles/bigtable.admin)
For more information about granting roles, see Manage access to projects, folders, and organizations.
These predefined roles contain the permissions required to enable the Bigtable MCP server. To see the exact permissions that are required, expand the Required permissions section:
Required permissions
The following permissions are required to enable the Bigtable MCP server:
- serviceusage.mcppolicy.get
- serviceusage.mcppolicy.update
- Make MCP tool calls: mcp.tools.call
- Grants full access to Bigtable resources and lets you assign Bigtable IAM roles: bigtable.admin
You might also be able to get these permissions with custom roles or other predefined roles.
Enable or disable the Bigtable MCP server
You can enable or disable the Bigtable MCP server in a project with the gcloud beta services mcp enable command. For more information, see the following sections.
Enable the Bigtable MCP server in a project
Note: After March 17, 2026, the Bigtable remote MCP server is automatically enabled when you enable Bigtable.
If you're using different projects for your client credentials, such as service account keys, OAuth client ID or API keys, and for hosting your resources, then you must enable the Bigtable service and the Bigtable remote MCP server on both projects.
To enable the Bigtable MCP server in your Google Cloud project, run the following command:
    gcloud beta services mcp enable SERVICE \
        --project=PROJECT_ID
Replace the following:
- PROJECT_ID: the Google Cloud project ID.
- SERVICE: the global service name for the Cloud Bigtable Admin API, which is bigtableadmin.googleapis.com.
The Bigtable remote MCP server is enabled for use in your Google Cloud project. If the Bigtable service isn't enabled for your Google Cloud project, you are prompted to enable the service before you enable the Bigtable remote MCP server.
As a security best practice, we recommend that you enable MCP servers only for the services required for your AI application to function.
Disable the Bigtable MCP server in a project
To disable the Bigtable MCP server in your Google Cloud project, run the following command:
    gcloud beta services mcp disable SERVICE \
        --project=PROJECT_ID
The Bigtable MCP server is disabled for use in your Google Cloud project.
Authentication and authorization
Bigtable MCP servers use the OAuth 2.0 protocol with Identity and Access Management (IAM) for authentication and authorization. All Google Cloud identities are supported for authentication to MCP servers.
The Bigtable remote MCP server doesn't accept API keys.
We recommend that you create a separate identity for agents using MCP tools so that you can control and monitor access to resources. For more information about authentication, see Authenticate to MCP servers.
Bigtable MCP OAuth scopes
OAuth 2.0 uses scopes and credentials to determine if an authenticated principal is authorized to take a specific action on a resource. For more information about OAuth 2.0 scopes at Google, see Using OAuth 2.0 to access Google APIs.
Bigtable has the following MCP tool OAuth scopes:
| Scope URI for gcloud CLI | Description |
|---|---|
| https://www.googleapis.com/auth/bigtable.admin | Grants full access to Bigtable resources and lets you assign Bigtable IAM roles. |
Additional scopes might be required on the resources accessed during a tool call. To view a list of scopes required for Bigtable, see OAuth 2.0 scopes for Bigtable Admin API v2.
Configure an MCP client to use the Bigtable MCP server
AI applications and agents, such as Claude or Gemini CLI, can instantiate an MCP client that connects to a single MCP server. An AI application can have multiple clients that connect to different MCP servers. To connect to a remote MCP server, the MCP client must know at a minimum the URL of the remote MCP server.
In your AI application, look for a way to connect to a remote MCP server. You are prompted to enter details about the server, such as its name and URL.
For the Bigtable MCP server, enter the following as required:
- Server name: Bigtable MCP server
- Server URL or Endpoint: https://bigtableadmin.googleapis.com/mcp
- Transport: HTTP
- Authentication details: Depending on how you want to authenticate, you can enter your Google Cloud credentials, your OAuth Client ID and secret, or an agent identity and credentials. For more information on authentication, see Authenticate to MCP servers.
- OAuth scope: the OAuth 2.0 scope that you want to use when connecting to the Bigtable MCP server.
For host specific guidance, see the following:
For more general guidance, see the following resources:
Available tools
To view details of available MCP tools and their descriptions for the Bigtable MCP server, see the Bigtable MCP reference.
List tools
Use the MCP inspector to list tools, or send a tools/list HTTP request directly to the Bigtable remote MCP server. The tools/list method doesn't require authentication.
    POST /mcp HTTP/1.1
    Host: bigtableadmin.googleapis.com
    Content-Type: application/json

    {
      "jsonrpc": "2.0",
      "id": 1,
      "method": "tools/list"
    }
Sample prompts
You can use the following sample prompts to create or delete Bigtable resources and get information about them:
- "Create an instance INSTANCE_ID in project PROJECT_ID in zone ZONE_ID with NODES nodes."
- "List instances in project PROJECT_ID."
- "Get instance INSTANCE_ID in project PROJECT_ID."
- "Delete instance INSTANCE_ID in project PROJECT_ID."
- "Create a table TABLE_ID in instance INSTANCE_ID in project PROJECT_ID."
- "List tables in instance INSTANCE_ID project PROJECT_ID."
- "Get table TABLE_ID in INSTANCE_ID project PROJECT_ID."
- "Delete table TABLE_ID in instance INSTANCE_ID project PROJECT_ID."
In the prompts, replace the following:
- PROJECT_ID with your Google Cloud project ID.
- INSTANCE_ID with the Bigtable instance ID.
- ZONE_ID with the zone where the cluster runs.
- TABLE_ID with the Bigtable table ID.
- If you want to control the number of nodes in a cluster, replace NODES with the number of nodes that you want in the cluster. If not specified, the default is 1.
Model Armor
Model Armor is a Google Cloud service designed to enhance the security and safety of your AI applications. It works by proactively screening LLM prompts and responses, protecting against various risks and supporting responsible AI practices. Whether you are deploying AI in your cloud environment, or on external cloud providers, Model Armor can help you prevent malicious input, verify content safety, protect sensitive data, maintain compliance, and enforce your AI safety and security policies consistently across your diverse AI landscape.
Model Armor is only available in specific regional locations. If Model Armor is enabled for a project, and a call to that project comes from an unsupported region, Model Armor makes a cross-regional call. For more information, see Model Armor locations.
Caution: Model Armor logs the entire payload if a request fails. This might expose sensitive information in the logs.
Enable Model Armor
To enable Model Armor on your Google Cloud project, run the following gcloud CLI command:
    gcloud services enable modelarmor.googleapis.com \
        --project=PROJECT_ID
Replace PROJECT_ID with your Google Cloud project ID.
Configure protection for Google and Google Cloud remote MCP servers
To protect your MCP tool calls and responses, you create a Model Armor floor setting and then enable MCP content security for your project. A floor setting defines the minimum security filters that apply across the project. This configuration applies a consistent set of filters to all MCP tool calls and responses within the project.
Tip: Don't enable the prompt injection and jailbreak filter unless your MCP traffic carries natural language data.
Set up a Model Armor floor setting with MCP sanitization enabled. For more information, see Configure Model Armor floor settings.
Note: If the agent and the MCP server are in different projects, you can create floor settings in both projects (the client project and the resource project). In this case, Model Armor is invoked twice, once for each project.
See the following example command:
    gcloud model-armor floorsettings update \
        --full-uri='projects/PROJECT_ID/locations/global/floorSetting' \
        --enable-floor-setting-enforcement=TRUE \
        --add-integrated-services=GOOGLE_MCP_SERVER \
        --google-mcp-server-enforcement-type=INSPECT_AND_BLOCK \
        --enable-google-mcp-server-cloud-logging \
        --malicious-uri-filter-settings-enforcement=ENABLED \
        --add-rai-settings-filters='[{"confidenceLevel": "HIGH", "filterType": "DANGEROUS"}]'
Replace PROJECT_ID with your Google Cloud project ID.
Note the following settings:
- INSPECT_AND_BLOCK: The enforcement type that inspects content for the Google MCP server and blocks prompts and responses that match the filters.
- ENABLED: The setting that enables a filter or enforcement.
- HIGH: The confidence level for the Responsible AI - Dangerous filter settings. You can modify this setting, though lower values might result in more false positives. For more information, see Configure floor settings.
For your project, enable Model Armor protection for remote MCP servers.
    gcloud beta services mcp content-security add modelarmor.googleapis.com --project=PROJECT_ID
Replace PROJECT_ID with your Google Cloud project ID. After you run this command, Model Armor sanitizes all MCP tool calls and responses from the project, regardless of where the calls and responses originate.
To confirm that Google MCP traffic is sent to Model Armor, run the following command:
    gcloud beta services mcp content-security get --project=PROJECT_ID
Replace PROJECT_ID with the Google Cloud project ID.
Enable MCP content security
To use content security to protect the MCP traffic between the AI application and Bigtable, run the following gcloud CLI command:
    gcloud beta services mcp content-security add CONTENT_SECURITY_PROVIDER \
        --project=PROJECT_ID
Replace the following:
- CONTENT_SECURITY_PROVIDER: the name of the content security provider to add, such as modelarmor.googleapis.com.
- PROJECT_ID: the Google Cloud project ID.
Disable Model Armor in a project
To disable Model Armor on a Google Cloud project, run the following command:
    gcloud beta services mcp content-security remove modelarmor.googleapis.com \
        --project=PROJECT_ID
Replace PROJECT_ID with the Google Cloud project ID.
Google MCP traffic won't be scanned by Model Armor for the specified project.
Disable scanning MCP traffic with Model Armor
If you want to use Model Armor in a project, and you want to stop scanning Google MCP traffic with Model Armor, run the following command:
    gcloud model-armor floorsettings update \
        --full-uri='projects/PROJECT_ID/locations/global/floorSetting' \
        --remove-integrated-services=GOOGLE_MCP_SERVER
Replace PROJECT_ID with the Google Cloud project ID.
Model Armor won't scan MCP traffic in the project.
Control MCP use with IAM deny policies
Identity and Access Management (IAM) deny policies help you secure Google Cloud remote MCP servers. Configure these policies to block unwanted MCP tool access.
For example, you can deny or allow access based on:
- The principal.
- Tool properties like read-only.
- The application's OAuth client ID.
For more information, see Control MCP use with Identity and Access Management.
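The following Python code is an added example, not part of the original documentation. It builds the tools/list request from the List tools section and sorts the tools in a response by their read-only property, the inventory you need before writing a deny policy on tool properties. It assumes the server populates the MCP specification's optional readOnlyHint and destructiveHint tool annotations; the sample response and its tool names are constructed.

```python
import json

def tools_list_request(request_id=1):
    """Serialize a JSON-RPC 2.0 tools/list request body for POST /mcp."""
    return json.dumps({"jsonrpc": "2.0", "id": request_id, "method": "tools/list"})

def triage_tools(response_text, request_id=1):
    """Split the tools in a tools/list response into read-only and mutating.

    A tool counts as read-only only if it explicitly sets
    annotations.readOnlyHint to true; anything else is treated as mutating.
    """
    msg = json.loads(response_text)
    if msg.get("jsonrpc") != "2.0" or msg.get("id") != request_id:
        raise ValueError("not the JSON-RPC response to our request")
    if "error" in msg:
        raise RuntimeError(f"server returned error: {msg['error']}")
    read_only, mutating = [], []
    for tool in msg["result"].get("tools", []):
        hints = tool.get("annotations") or {}
        if hints.get("readOnlyHint") is True:
            read_only.append(tool["name"])
        else:
            # The MCP spec treats a missing destructiveHint as true.
            mutating.append((tool["name"], hints.get("destructiveHint", True)))
    return sorted(read_only), sorted(mutating)

# Constructed sample response; the tool names are hypothetical.
SAMPLE_RESPONSE = json.dumps({
    "jsonrpc": "2.0", "id": 1,
    "result": {"tools": [
        {"name": "list_instances", "annotations": {"readOnlyHint": True}},
        {"name": "get_table", "annotations": {"readOnlyHint": True}},
        {"name": "create_table",
         "annotations": {"readOnlyHint": False, "destructiveHint": False}},
        {"name": "delete_instance", "annotations": {"destructiveHint": True}},
        {"name": "unannotated_tool"},
    ]},
})

if __name__ == "__main__":
    print(tools_list_request())
    ro, mut = triage_tools(SAMPLE_RESPONSE)
    print("read-only:", ro)
    for name, destructive in mut:
        print("mutating:", name, "(destructive)" if destructive else "(additive)")
```

Tools that end up in the mutating list are the candidates to review against the principals and OAuth client IDs that should be allowed to call them.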
What's next
- Read the Bigtable MCP reference documentation.
- Learn more about Google Cloud MCP servers.
- Best practices for securing agent interactions with Model Context Protocol.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-19 UTC.