To connect a Google project you will need to generate service keys. This may either be done with Terraform or through the Google Cloud Platform.
This module provisions a GCP Service Account that grants AutoCloud's services cross-account, read-only access to ingest your infrastructure.
- Get your AutoCloud organization ID, which can be found in My Account.
- Head over to AutoCloud's GCP Terraform Module.
- Get the Provision Instructions, then copy and paste them into your Terraform configuration.
- The following assets will be created:
  - google_service_account - The GCP cross-account Service Account
  - google_project_iam_member - Several role attachments linking the cross-account Service Account to the specific permissions allotted
  - google_service_account_key - The GCP cross-account Service Account Private Key
- Download this private key to your computer.
1. Log in to your GCP account. Navigate to the 'IAM & Admin' section, then click on 'Service Accounts' in the left-hand menu. Click the '+ Create Service Account' button at the top of this page.
2. Give your service account a name and description. We suggest the name include your project's name.
3. Grant this service account read access to the project. Specifically, you must give it the project-level 'Viewer' role. Then press Done.
4. Once the service account has been created, select the service account from the list.
5. In the service account details screen, select the Keys tab, and select Add Key.
6. Download this private key to your computer. AutoCloud stores this key in Vault so that you do not need to upload the key each time you create a new Version. To learn more about how AutoCloud keeps your information secure, check out our Security Practices.
1. Go to Cloud Accounts.
2. Select "Add New" in the top-right corner.
3. Choose Google Cloud as the provider.
4. AutoCloud requires a Service Account Key with the roles "Viewer" and "Service Usage Viewer". A viewer role at the project-level is also required. You can generate this by using Google Console or Terraform. Upload the Service Account Key, then click Next.
6. If the upload of the JSON credentials was successful, you should now see the available projects. Click Next.
7. Configure billing information (optional).
8. Select regions.
9. Your GCP subscription was onboarded and it's now being scanned!
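
Before uploading the key, you can confirm locally that the JSON file is a well-formed service account key and that the account holds only the "Viewer" and "Service Usage Viewer" roles named above. This is an added example, not AutoCloud's own code; it assumes the project's IAM policy was exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`, and the project, account and key values in it are constructed placeholders.

```python
import json

# Role IDs for the "Viewer" and "Service Usage Viewer" roles named above.
ALLOWED_ROLES = {"roles/viewer", "roles/serviceusage.serviceUsageViewer"}
KEY_FIELDS = {"type", "project_id", "private_key_id", "private_key", "client_email"}

def check_key(key):
    """Return a list of problems found in a service account key document."""
    problems = [f"missing field: {f}" for f in sorted(KEY_FIELDS - key.keys())]
    if key.get("type") != "service_account":
        problems.append("type is not 'service_account'")
    if not key.get("client_email", "").endswith(".iam.gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    if not key.get("private_key", "").startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is not a PEM private key")
    return problems

def audit_roles(policy, email):
    """Compare the roles bound to the service account against ALLOWED_ROLES."""
    member = f"serviceAccount:{email}"
    granted = {b["role"] for b in policy.get("bindings", [])
               if member in b.get("members", [])}
    return {"missing": sorted(ALLOWED_ROLES - granted),
            "excess": sorted(granted - ALLOWED_ROLES)}

# Constructed sample data (hypothetical project and account names).
SA = "autocloud-reader@example-project.iam.gserviceaccount.com"
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000placeholder",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": SA,
}
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/viewer", "members": [f"serviceAccount:{SA}"]},
    {"role": "roles/editor", "members": [f"serviceAccount:{SA}", "user:admin@example.com"]},
    {"role": "roles/serviceusage.serviceUsageViewer", "members": ["user:admin@example.com"]},
]}

if __name__ == "__main__":
    print(json.dumps({"key_problems": check_key(SAMPLE_KEY),
                      "roles": audit_roles(SAMPLE_POLICY, SA)}, indent=2))
```

An empty `excess` list and an empty `missing` list mean the account matches the read-only scope described above; anything in `excess` is a role to remove before the key leaves your machine.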