To use your Google Cloud (GCP) account integrated with the Cloud8 Platform, you will need to provide access credentials. Below are the step-by-step instructions for creating credentials to integrate your GCP cloud with Cloud8.
Prerequisites #
The user needs to have the following permissions to access the Organization’s resource management panel:
- Resourcemanager.organizations.get
- resourcemanager.organizations.getIamPolicy
Collect Organization ID #
The first piece of information needed for setup is the Organization ID. At the top of the screen, click the icon to the left of the search bar and write down the Organization ID in a notepad.
If the user’s account type does not have Organization, but only Projects, proceed to the next step using the project where BigQuery is configured to collect the billing export data.
Collect Billing Account ID #
At the top of the screen, search for Billing. In the left sidebar menu, click on “Account management”. Note the Billing Account ID. FinOps Analytics configuration is done through a BigQuery Table and requires BigQuery Data Viewer and BigQuery Job User permissions.
If your account has multiple projects and doesn’t have an Organization, search for “Billing accounts” in the top search bar. On the left side, there will be an expander called “Billing account”; click on it and select the desired billing account.
In the left-hand menu, select “Billing export”. If “Detailed usage cost” is disabled, you will need to configure the export. To do this, click on “Edit settings”.
Select a Project in which to create the export. Remember to select the one that contains the majority of your billing data. In the Dataset option, click on “Create new dataset”.
After creating the file, click “Save” and proceed to the next step.
Enable APIs #
It is important to enable the following APIs at https://console.cloud.google.com/apis/dashboard
Click on Enable APIs and services , and search for:
- Cloud Resource Manager API
- Compute Engine API
- Cloud SQL
- Cloud Billing for use with FinOps Analytics
- KMS API
- Recommender API
Step 1 – Create a Service Account #
In the IAM & Admin menu, select Service Accounts. Click Create Service Account : https://console.developers.google.com/iam-admin/serviceaccounts
As a rule, this configuration is done in the Organization.
NOTE: In some cases, it is necessary to create the Service Account within a project and then assign permissions within the Organization, when it is not possible to create it directly within the Organization.
To do this, click on IAM within the Organization and select “Grant access”.
Fill in the Service account name and Service account ID fields.
Step 2 – Ensure the necessary access permissions #
In the Permissions tab , click Manage access , and then click Add role.
Roles depend on the type of action the user wants Cloud8 to perform in their environment, such as viewing information, backups, scheduling for cost reduction, etc. Among the available roles, we suggest :
- Browser
- Viewer
- View Service Accounts
- Compute Viewer;
- Cloud SQL Viewer;
- Monitoring Viewer;
- BigQuery Data Viewer;
- BigQuery Job User;
- Kubernetes Engine Cluster Viewer;
- Cloud Asset Viewer
- Compute Recommender Viewer
- Cloud Functions Viewer
For more advanced access with automation, the following roles will be required:
- Browser
- Viewer
- View Service Accounts
- Compute Engine: Compute Admin ou Compute Viewer;
- Cloud SQL: Cloud SQL Admin ou Cloud SQL Viewer;
- Monitoring: Monitoring Viewer;
- BigQuery: BigQuery Data Viewer e BigQuery Job User;
- Kubernetes: Kubernetes Engine Cluster Viewer;
- Cloud Asset Viewer
- Compute Recommender Viewer
- Cloud Functions Viewer
You can search for the desired Role by clicking on Select a Role , then on Filter by role or permission.
Note : If the project is a member of an ” Organization ,” it must have the same roles as the Service Account ; otherwise, it will receive the message ” User is not Authorized .”
Step 3 – Create JSON #
We need a JSON file containing the service account . To do this, in the Keys tab , click Add Key , and then Create new key.
Select JSON , then click Create . A Private Key will be generated automatically.
Step 4 – Enable JSON in the new provider registration. #
Copy the JSON content from the Cloud8 Portal, and then register.
Setting up FinOps Analytics on Cloud8 #
FinOps Analytics is configured through a BigQuery table and requires the BigQuery Data Viewer and BigQuery Job User permissions.
Search for “Billing,” and in the left-hand menu select “Billing export.” Check if there is a “Detailed Billing Export” option. If not, you will need to create one.
Search for “Dataset name” in Detailed Usage Cost and make a note of it.
Click on the Dataset name to open the Tables view. Copy and note the BigQueyTable name when expanding the Dataset view on the left.
On the Cloud8 platform, click on FinOps Analytics, select the GCP provider, and configure it by specifying the “Dataset Name” and the “BigQuery Table”.
Enabling Best Practices in Cloud8 #
After the FinOps Analytics setup is complete and the data is synchronized in Cloud8, you will be able to enable the Best Practices feature in Cloud8.
Best Practices is an advanced advisor that combines over 1,000 unique security, backup, compliance, and cost reduction rules for AWS, Azure, GCP, and OCI with flexible alerts via Teams, Slack, or email.
Before continuing, please verify that the following APIs are enabled:
- KMS API
- Recommender API
In the Cloud8 sidebar menu, select Providers. Select your desired provider and click on “Best Practices”.
You will need to select the providers where you want to enable the feature. To do this, uncheck the ” Disabled on this provider ” checkbox and select the ” Same as main credentials ” option.
Next, click “ Configure ”.
Note: If FinOps Analytics has just been enabled, you will need to wait at least 24 hours before enabling the Best Practices functionality.
