This article explains how to set up a service account in Google Cloud Platform. Ensure you have the necessary permissions in Google Cloud.

Create a service account


1. In the Google console, go to IAM & admin.

...


4. Specify the Project role as 'Viewer'. Click Continue.

...

5.

NOTE: If you use Google Organizations, assign the role 'Viewer' to the service account for Cloudaware to consume your Organization data. Assign the following roles to the service account created earlier:

  • Organization Role Viewer

  • Folder Viewer

  • Organization Viewer

  • Organization Policy Viewer

  • Project Viewer

Click Save.

Assign the 'Project Viewer' role on the organization level for Cloudaware to automatically add and collect Google Projects within a Google Organization:

Create a key

The service account key is required for setup in Cloudaware.

Select the service account.

Click +Create key. Select 'JSON' → Create.

...

6. A .json file will be automatically downloaded by the browser.

...

Enable Google APIs on Google Project

Go back to the Organization level.

1. Select the project in question → APIs & Services.

...

2. Click +ENABLE APIS AND SERVICES.

...

  • Compute Engine API

  • Identity and Access Management (IAM) API

  • Cloud Resource Manager API

  • Kubernetes Engine API (learn more)

  • Cloud Billing API (learn more)

...


If you use Google Organizations, assign the role 'Viewer' to the service account for Cloudaware to consume your Organization data. Assign the following roles to the service account created earlier:

  • Organization Role Viewer

  • Folder Viewer

  • Organization Viewer

  • Organization Policy Viewer

  • Project Viewer

...

Click Save.

Note

Assign the 'Project Viewer' role on the organization level for Cloudaware to automatically add and collect Google Projects within a Google Organization:

...


Google Billing Accounts (optional)

For Cloudaware to be able to collect the list of Google Billing Accounts, assign the role 'Billing Account Viewer' to the service account* that has access to the billing accounts in question.

...

*Note that the service account should be added to Cloudaware.

Create a custom role (optional)

A custom role is necessary if you are going to use backups and labels.

  1. Go to IAM & admin, select "Roles" and click +Create Role.

...

Add the name and the description of the custom role. Set 'Role launch stage' as General Availability and click + Add Permissions.

...

  1. Select the following permissions:

For backups

  • compute.disks.get

  • compute.disks.createSnapshot

  • compute.disks.list

  • compute.disks.setLabels

  • compute.snapshots.create

  • compute.snapshots.delete

  • compute.snapshots.get

  • compute.snapshots.list

  • compute.snapshots.setLabels

  • compute.zones.get

  • compute.zones.list

For labels

  • bigquery.datasets.update

  • bigquery.tables.update

  • cloudsql.instances.update

  • compute.addresses.setLabels

  • compute.disks.setLabels

  • compute.forwardingRules.setLabels

  • compute.globalAddresses.setLabels

  • compute.globalForwardingRules.setLabels

  • compute.images.setLabels

  • compute.instances.setLabels

  • compute.snapshots.setLabels

  • compute.targetVpnGateways.setLabels

  • compute.vpnTunnels.setLabels

  • dataproc.clusters.update

  • dataproc.jobs.update

  • cloudkms.cryptoKeys.update

  • storage.buckets.update

  1. Assign the custom role to the service account you have just created (IAM & admin → IAM → select the service account).
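
To confirm that the custom role grants only the permissions listed above, the following added example (not part of the original article and not Cloudaware code) compares a role definition with the documented lists. It assumes the role is exported as JSON in the shape produced by `gcloud iam roles describe --format=json`; the function name `audit_custom_role`, the role name and the sample data are constructed for illustration.

```python
import json

# Permission lists copied from the custom-role step above.
BACKUP = set("""
compute.disks.get compute.disks.createSnapshot compute.disks.list
compute.disks.setLabels compute.snapshots.create compute.snapshots.delete
compute.snapshots.get compute.snapshots.list compute.snapshots.setLabels
compute.zones.get compute.zones.list
""".split())
LABELS = set("""
bigquery.datasets.update bigquery.tables.update cloudsql.instances.update
compute.addresses.setLabels compute.disks.setLabels
compute.forwardingRules.setLabels compute.globalAddresses.setLabels
compute.globalForwardingRules.setLabels compute.images.setLabels
compute.instances.setLabels compute.snapshots.setLabels
compute.targetVpnGateways.setLabels compute.vpnTunnels.setLabels
dataproc.clusters.update dataproc.jobs.update cloudkms.cryptoKeys.update
storage.buckets.update
""".split())


def audit_custom_role(role_json, features=("backups", "labels")):
    """Compare a role's includedPermissions with the documented lists.

    Returns (extra, missing): permissions granted beyond the documented
    set, and documented permissions the role lacks.
    """
    role = json.loads(role_json)
    expected = set()
    if "backups" in features:
        expected |= BACKUP
    if "labels" in features:
        expected |= LABELS
    granted = set(role.get("includedPermissions", []))
    return sorted(granted - expected), sorted(expected - granted)


# Constructed sample: one documented permission dropped, two unrelated ones added.
SAMPLE_ROLE = json.dumps({
    "name": "projects/example-project/roles/cloudawareCustom",  # placeholder
    "stage": "GA",
    "includedPermissions": sorted((BACKUP | LABELS) - {"storage.buckets.update"})
    + ["compute.instances.delete", "iam.serviceAccountKeys.create"],
})

if __name__ == "__main__":
    extra, missing = audit_custom_role(SAMPLE_ROLE)
    print("beyond documented set:", extra)
    print("documented but absent:", missing)
```

Pass `features=("backups",)` or `features=("labels",)` when only one of the two features is in use, so that permissions for the unused feature are reported as extra.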