Add Google Cloud Platform (GCP) Credential
In order to allow Devopness to manage GCP resources on your behalf, Service Account key has to be provided.
If you don't have access to a GCP account, you can create an account for free following the cloud provider specific guide Google Cloud Free Tier
-
Access a GCP project or create a new one: https://console.cloud.google.com/project
If you created a new project, a notification modal will appear showing your new project creation status. Note: It might take a few seconds for the new project to be visible in the project list. If your new project is not listed a few seconds after its creation, reload the console page.
-
Make sure
Compute Engine API
is enabled on the selected Project:- On GCP console, click on the dropdown menu and select APIs and Services
- Make sure the correct project is selected in GCP console's header left side
- Click on Enable APIs and Services on top of the page
- On the Search box, enter “Compute Engine API” and select it from search results
- If
Compute Engine API
is already activated, you will see theManage
button at the screen - Otherwise, click
Enable
button
-
Make sure
Cloud Asset API
is enabled on the selected Project:- On GCP console, click on the dropdown menu and select APIs and Services
- Make sure the correct project is selected in GCP console's header left side
- Click on Enable APIs and Services on top of the page
- On the Search box, enter “Cloud Asset API” and select it from search results
- If
Cloud Asset API
is already activated, you will see theManage
button at the screen - Otherwise, click
Enable
button
-
Go back to projects console
-
Having your project listed, click the three dot button on it and pick the
Settings
option -
On the left side menu under
IAM & Admin
, select theService Accounts
option -
Make sure a service account named as
<project-id>-compute@developer.gserviceaccount.com
is listed -
If you do not have a service account, create a new one:
- Click
+ CREATE SERVICE ACCOUNT
option below the search bar - Name your new service account
- Click
DONE
- Click
-
Having your service account listed, go to the
Actions
column, click the three dot menu on your service account and chooseManage details
option -
Copy your service account email to your clipboard
-
Bellow your service account name, go to the
PERMISSIONS
tab -
In the permissions table, go to
VIEW BY ROLES
tab -
Make sure your service account has the
Compute Engine Service Agent
roleNOTE: You may need to check the box labeled “Include Google-provided role grants” to see the
Compute Engine Service Agent
role in the list. -
If the service account doesn't have the
Compute Engine Service Agent
role, set it:- Click
GRANT ACCESS
button - The
Grant access to "..."
form will be displayed - Under
Add Principals
, click theNew principals
field and paste the service account email you copied earlier - Under
Assign roles
, click theRole
field and select theCompute Engine Service Agent
option - Click
SAVE
- Click
-
On the left side menu under
IAM & Admin
, select theIAM
option -
Having your service account listed, edit its roles:
- Click the edit icon on your service account
- Click
ADD ANOTHER ROLE
- Select the
Compute Instance Admin (v1)
role to this email - Click
SAVE
-
On the left side menu under
IAM & Admin
, select theService Accounts
option -
Go to the
Actions
column on your service account, click the three dot menu and chooseManage keys
option -
Add a new service account key
- Click
ADD KEY
button - Select
Create new key
option - Pick
JSON
key type - Click
CREATE
- Click
-
A JSON file containing your service account credentials will be downloaded, copy its content to your clipboard
-
To add the copied credentials to Devopness see Add a Credential