Follow the step-by-step guide for creating a credential to integrate your GCP cloud with Cloud8.
We need a JSON file that contains the service account:
IMPORTANT : enable APIs at https://console.cloud.google.com/apis/dashboard – check the project and enable the APIs for “Cloud Resource Manager API”, “Compute”, “Cloud SQL” and “Cloud Billing” (if you are going to use cost analysis through Cloud8);
- me Manage, enable;
- Create the Service Account: https://console.developers.google.com/iam-admin/serviceaccounts/project (if you have another project, see which one GCP picked up by default!);
- “Create Service Account”;
- Roles – depending on the type of action you want Cloud8 to perform – viewing and/or backup, schedules for cost reduction, etc.
- Browser
- Viewer
- View Service Accounts
- Compute Engine -> Compute Admin ou Compute Viewer;
- Cloud SQL -> Cloud SQL Admin ou Cloud SQL Viewer;
- Monitoring -> Monitoring Viewer – metrics;
- BigQuery -> BigQuery Data Viewer and BigQuery Job User – cost analysis;
- Kubernetes -> Kubernetes Engine Cluster Viewer;
- Cloud Asset Viewer
- Compute Recommender Viewer
- Cloud Functions Viewer
Choose a name and create. After creation, click on the ‘3 dots’ on the right and create a new JSON key.
Note : if the project is a member of an “Organization”, it must have the same roles as the Service Account, otherwise you will receive the message “User is not Authorized”.
After creating, open the .json file and place the content in Cloud8 for synchronization.
Support for exporting data from Cloud SQL to a bucket
If you are going to use the Cloud SQL data export workflow, one of the following permissions is required:
- Role: “Cloud Storage Admin”
- In “Cloud Storage”, choose the bucket and add the ServiceAccount of the “Cloud SQL” instance as Object Creator
Customization
If you want to configure via API permission, you can generate a YAML file with the following content:
title: Automation
description: “”
stage: “GA”
includedPermissions:
– cloudsql.instances.get
– cloudsql.instances.list
– cloudsql.instances.update –> CloudSQL has no setLabels
– cloudsql.instances.restart
– cloudsql.instances.export
– compute.autoscalers.get
– compute.autoscalers.list
– compute.autoscalers.update
– compute.instances.start
– compute.instances.startWithEncryptionKey
– compute.instances.stop
– compute.instances.get
– compute.instances.list
– compute.addresses.list- compute.instances.setLabels
– compute.instanceGroupManagers.get
– compute.instanceGroupManagers.list
– compute.instanceGroupManagers.update
– compute.instanceGroupManagers.use
– compute.disks.list
– compute.disks.get
– compute.disks.createSnapshot
– compute.disks.setLabels
– compute.zones.get
– compute.zones.list
– compute.snapshots.list
– compute.snapshots.get
– compute.snapshots.setLabels
– monitoring.groups.get
– monitoring.groups.list
– monitoring.metricDescriptors.get
– monitoring.metricDescriptors.list
– monitoring.monitoredResourceDescriptors.get
– monitoring.monitoredResourceDescriptors.list
– monitoring.timeSeries.list
– resourcemanager.projects.get
– compute.regions.list
– cloudfunctions.functions.list
– resourcemanager.projects.getIamPolicy
– iam.serviceAccounts.get
– cloudasset.assets.searchAllResources
– recommender.computeInstanceIdleResourceRecommendations.list
– recommender.computeInstanceMachineTypeRecommendations.list
– cloudasset.assets.searchAllResourcesAnd then create the Service Account:
gcloud iam roles create cloudautomation –project <project_id> –file ./cloud8.yamlgcloud projects add-iam-policy-binding <project_id> –role projects/<project_id>/roles/cloudautomation –member serviceAccount:serviceAccount%3Acloud8@export-billing-brlm.iam.gserviceaccount.comIntegration with costs
Important: Cloud8 needs the project that contains the costs BigQuery. In the Serice Account of this project, we need the Roles: Viewer, Browser, BigQuery Data Viewer and BigQuery Job User.
In the GCP console:
- click on “Billing”
- check “my billing account” – The URL would be https://console.cloud.google.com/billing?project=&folder=&organizationId= (with the ID of your organizationID)
- you should see a line with the “Billing Account ID” and the number of projects below it
- when you click on the Billing Account ID it redirects you to the dashboard
- Billing Export – check if BigQuery export is checked ( https://console.cloud .google.com/billing/BILLING_ACCOUNT_ID/export/bigquery?organizationId=ORG_ID – you have to replace it with the values). We suggest using “Detailed Usage cost”
- in Cloud8 you will need DataSet and table name (gcp_billing_export_v1_BILLING_ACCOUNT_ID or gcp_billing_export_resource_v1_BILLING_ACCOUNT_ID)
