This article explains how to set up a service account in Google Cloud Platform. Ensure you have the necessary permissions in Google Cloud.
1. In the Google console go to IAM & admin.
2. Go to Service accounts. Click Create Service Account.
3. Enter the name for the service account, e.g. "cloudaware-service-account". Click Create.
4. Specify the Project role as 'Viewer'. Click Continue.
5. Click +Create key. Select 'JSON' → Create.
6. A .json file will be automatically downloaded by the browser.
Enable Google APIs on Google Project
Go back to the Organization level.
1. Select the project → APIs & Services.
2. Click +ENABLE APIS AND SERVICES.
3. Using the search bar, locate and enable:
Compute Engine API
Identity and Access Management (IAM) API
Cloud Resource Manager API
Kubernetes Engine API (learn more)
Cloud Billing API (learn more)
Google Organizations (optional)
If you use Google Organizations, assign the role 'Viewer' to the service account for Cloudaware to consume your Organization data. Assign the following roles to the service account created earlier:
Organization Role Viewer
Folder Viewer
Organization Viewer
Organization Policy Viewer
Project Viewer
Click Save.
Assign the 'Project Viewer' role on the organization level for Cloudaware to automatically add and collect Google Projects within a Google Organization:
Google Billing Accounts (optional)
For Cloudaware to be able to collect the list of Google Billing Accounts, assign the role 'Billing Account Viewer' to the service account* that has access to billing accounts in question.
1. Go to Billing.
2. Go to the tab 'My Billing Accounts'. Check the box near the billing account. Click Add Principal on the right to manage permissions.
3. Select the service account* and assign the role Billing Account Viewer → Save.
*Note that the service account should be added to Cloudaware.