Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

The article explains how to grant Cloudaware additional permissions, such as to Google Organizations or Google Billing accounts, and create a custom role for backups and tagging. Ensure you have the necessary permissions in Google Cloud.

...

  1. Go to 'IAM & admin' → 'Roles' → +CREATE ROLE.

  2. Set a meaningful name and description for the custom role, e.g. Cloudaware Custom Role. Set 'Role launch stage' as General Availability.

  3. Click +ADD PERMISSIONS. Select the following permissions:

For backups

For labels (tags)

  • compute.disks.get

  • compute.disks.createSnapshot

  • compute.disks.list

  • compute.disks.setLabels

  • compute.snapshots.create

  • compute.snapshots.delete

  • compute.snapshots.get

  • compute.snapshots.list

  • compute.snapshots.setLabels

  • compute.zones.get

  • compute.zones.list

For labels (tags)

  • bigquery.datasets.update

  • bigquery.tables.update

  • cloudsql.instances.update

  • compute.addresses.setLabels

  • compute.disks.setLabels

  • compute.forwardingRules.setLabels

  • compute.globalAddresses.setLabels

  • compute.globalForwardingRules.setLabels

  • compute.images.setLabels

  • compute.instances.setLabels

  • compute.snapshots.setLabels

  • compute.targetVpnGateways.setLabels

  • compute.vpnTunnels.setLabels

  • dataproc.clusters.update

  • dataproc.jobs.update

  • cloudkms.cryptoKeys.update

  • storage.buckets.update

Click CREATE.

  1. Assign the custom role to the service account: 'IAM & admin' → IAM select the service account → click the pencil icon to edit principal → ADD ANOTHER ROLE → Custom → Cloudaware Custom Role → SAVE.

...