This article explains how to set up a service account in Google Cloud Platform. Ensure you have the necessary permissions in Google Cloud.

Configure Google Billing Account permissions

For Cloudaware to collect the list of Google Billing Accounts, assign the role 'Billing Account Viewer' to the service account* that has access to the billing accounts in question.

1. Go to Billing.

2. Go to the tab 'My Billing Accounts'. Check the box near the billing account. Click Add Principal on the right to manage permissions.

3. Select the service account* and assign the role Billing Account Viewer. Click Save.

*Note that the service account should be added to Cloudaware.

Create a custom role

A custom role is necessary if you are going to use backups and labels.

  1. Go to IAM & admin, select "Roles" and click +Create Role.

Add the name and the description of the custom role. Set 'Role launch stage' as General Availability and click + Add Permissions.

  2. Select the following permissions:

For backups

  • compute.disks.get
  • compute.disks.createSnapshot
  • compute.disks.list
  • compute.disks.setLabels
  • compute.snapshots.create
  • compute.snapshots.delete
  • compute.snapshots.get
  • compute.snapshots.list
  • compute.snapshots.setLabels
  • compute.zones.get
  • compute.zones.list

For labels

  • bigquery.datasets.update
  • bigquery.tables.update
  • cloudsql.instances.update
  • compute.addresses.setLabels
  • compute.disks.setLabels
  • compute.forwardingRules.setLabels
  • compute.globalAddresses.setLabels
  • compute.globalForwardingRules.setLabels
  • compute.images.setLabels
  • compute.instances.setLabels
  • compute.snapshots.setLabels
  • compute.targetVpnGateways.setLabels
  • compute.vpnTunnels.setLabels
  • dataproc.clusters.update
  • dataproc.jobs.update
  • cloudkms.cryptoKeys.update
  • storage.buckets.update

  3. Assign the custom role to the service account you have just created (IAM & admin → IAM → select the service account).
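Once the role is assigned, it is worth confirming that it grants exactly the permissions listed above and nothing more. The following check is an added example, not Cloudaware's own code: it compares a role exported with `gcloud iam roles describe` against the page's lists. The function names, the sample role and its project and role IDs are constructed for illustration, and the grouping assumes the backups list ends at compute.zones.list.

```python
import json

# Permissions copied from the lists on this page, grouped by feature (split is an assumption).
BACKUP_PERMS = {
    "compute.disks.get", "compute.disks.createSnapshot", "compute.disks.list",
    "compute.disks.setLabels", "compute.snapshots.create", "compute.snapshots.delete",
    "compute.snapshots.get", "compute.snapshots.list", "compute.snapshots.setLabels",
    "compute.zones.get", "compute.zones.list",
}
LABEL_PERMS = {
    "bigquery.datasets.update", "bigquery.tables.update", "cloudsql.instances.update",
    "compute.addresses.setLabels", "compute.disks.setLabels",
    "compute.forwardingRules.setLabels", "compute.globalAddresses.setLabels",
    "compute.globalForwardingRules.setLabels", "compute.images.setLabels",
    "compute.instances.setLabels", "compute.snapshots.setLabels",
    "compute.targetVpnGateways.setLabels", "compute.vpnTunnels.setLabels",
    "dataproc.clusters.update", "dataproc.jobs.update",
    "cloudkms.cryptoKeys.update", "storage.buckets.update",
}

def expected_permissions(backups=True, labels=True):
    """Permissions the custom role needs for the features actually in use."""
    return (BACKUP_PERMS if backups else set()) | (LABEL_PERMS if labels else set())

def audit_role(role_json, backups=True, labels=True):
    """Compare an exported role with the documented permission set.

    role_json is the output of:
      gcloud iam roles describe ROLE_ID --project=PROJECT_ID --format=json
    Returns (missing, extra): permissions the role lacks, and permissions
    it grants beyond what the selected features require.
    """
    role = json.loads(role_json)
    granted = set(role.get("includedPermissions", []))
    expected = expected_permissions(backups, labels)
    return sorted(expected - granted), sorted(granted - expected)

# Constructed sample: a backups-only role missing one permission and carrying one extra.
SAMPLE_ROLE = json.dumps({
    "name": "projects/example-project/roles/exampleCustomRole",
    "title": "Example custom role",
    "stage": "GA",
    "includedPermissions": sorted(BACKUP_PERMS - {"compute.zones.list"})
                           + ["compute.instances.setMetadata"],
})

if __name__ == "__main__":
    missing, extra = audit_role(SAMPLE_ROLE, backups=True, labels=False)
    print("missing:", missing)
    print("extra:", extra)
```

Any entry reported as extra is a permission the role carries beyond what this page asks for and should be reviewed before the service account is used.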
