Versions Compared

Old Version 9

changes.mady.by.user Daria Lebedeva

Saved on

compared with

New Version Current

changes.mady.by.user Daria Lebedeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

The article explains how to grant Cloudaware additional permissions, such as to Google Organizations or Google Billing accounts, and create a custom role for backups and tagging. Ensure you have the necessary permissions in Google Cloud.

...

For Cloudaware to collectGoogle Organizations and related data, assign the role 'Viewer' to the service account added to Cloudaware. The following permissions are required:

  • Organization Role Viewer

  • Folder Viewer

  • Organization Viewer

  • Organization Policy Viewer

  • Project Viewer

Click Save SAVE.

Assign the 'Project Viewer' role on at the organization level for Cloudaware to automatically add and collect Google Projects within a Google Organization automatically.

Google

...

billing accounts

For Cloudaware to collect Google Billing Accountsbilling accounts, assign the role 'Billing Account Viewer' to the service account* that has access to billing accounts in question.

1. Go to Billing.

...

  1. Log in to the Google console. Go to

...

  1. '

...

  1. Billing' → 'MY BILLING ACCOUNTS'.

...

  2. Select the

...

  1. billing account by checking the check box. Click

...

  1. ADD PRINCIPAL on the right to manage permissions.

...

  1. Select the

...

  1. role Billing Account Viewer

...

  1. SAVE.

...

*Note that the Google service account should be added to Cloudaware. See the guide

...

To use backups and tagging, create a custom role and assign it to the Cloudawareservice Cloudaware service account:

  1. Log in to the Google console. Go to 'IAM & admin, select "Roles" and click +Create Role.

...

...

  1. ' → 'Roles' → +CREATE ROLE.

  2. Set a meaningful name and description for the custom role, e.g. Cloudaware Custom Role. Set 'Role launch stage' as General Availability

...

  1. .

  2. Click +ADD PERMISSIONS. Select the following permissions:

For backups

For labels (tags)

  • compute.disks.get

  • compute.disks.createSnapshot

  • compute.disks.list

  • compute.disks.setLabels

  • compute.snapshots.create

  • compute.snapshots.delete

  • compute.snapshots.get

  • compute.snapshots.list

  • compute.snapshots.setLabels

  • compute.zones.get

  • compute.zones.list

For labels (tags)

  • bigquery.datasets.update

  • bigquery.tables.update

  • cloudsql.instances.update

  • compute.addresses.setLabels

  • compute.disks.setLabels

  • compute.forwardingRules.setLabels

  • compute.globalAddresses.setLabels

  • compute.globalForwardingRules.setLabels

  • compute.images.setLabels

  • compute.instances.setLabels

  • compute.snapshots.setLabels

  • compute.targetVpnGateways.setLabels

  • compute.vpnTunnels.setLabels

  • dataproc.clusters.update

  • dataproc.jobs.update

  • cloudkms.cryptoKeys.update

  • storage.buckets.update

Click CREATE.

  1. Assign the custom role to the service account: 'IAM & admin

...

  1. ' → IAM select the service account → click the pencil icon to edit principal → ADD ANOTHER ROLE → Custom → Cloudaware Custom Role → SAVE.