Adding a GCP Account

Learn how to seamlessly integrate your GCP account with our platform

Updated over a week ago

Step 1

Navigate to the ‘Account Manager’ tab and click on the ‘Add new account’ button. If you already have accounts, your Account Manager menu will appear as shown in the picture below.

Step 2

Click on the ‘Google Cloud Platform’ button.

Step 3

You'll be directed to the ‘Connect your GCP project’ page.

Step 3.1

In the first field, enter an Account name. You can choose a specific name (up to 32 characters) or leave it as the default ‘GCP.’



Step 3.2

Next, select the Access type (The selected type will be marked with a white dot on a blue background):

  • Read/write: Allows you to utilize all functions, such as converting to spot, scheduling resources, and removing unused resources.

  • Read-only: Permits viewing of resources and possible actions but restricts the use of main functionality.

This is how the read-write policy and the read-only policy appear:

Read-write policy

title: Uniskai Service Role

stage: "GA"

includedPermissions:

- appengine.applications.get

- appengine.instances.get

- appengine.instances.list

- appengine.services.get

- appengine.services.list

- appengine.versions.get

- appengine.versions.list

- bigquery.datasets.get

- bigquery.tables.get

- bigquery.tables.list

- bigquery.tables.getData

- bigquery.jobs.create

- bigtable.backups.get

- bigtable.backups.list

- bigtable.clusters.get

- bigtable.clusters.list

- bigtable.instances.get

- bigtable.instances.list

- cloudfunctions.functions.get

- cloudfunctions.functions.list

- cloudfunctions.locations.get

- cloudfunctions.locations.list

- cloudsql.backupRuns.list

- cloudsql.instances.list

- compute.autoscalers.list

- compute.diskTypes.get

- compute.disks.get

- compute.disks.list

- compute.externalVpnGateways.get

- compute.externalVpnGateways.list

- compute.externalVpnGateways.list

- compute.firewalls.get

- compute.firewalls.list

- compute.images.get

- compute.images.list

- compute.instanceGroupManagers.get

- compute.instanceGroupManagers.list

- compute.instanceGroups.get

- compute.instanceGroups.list

- compute.instanceTemplates.get

- compute.instanceTemplates.list

- compute.instances.get

- compute.instances.list

- compute.machineImages.get

- compute.machineImages.list

- compute.machineTypes.get

- compute.networks.get

- compute.networks.list

- compute.regions.list

- compute.routers.get

- compute.routers.list

- compute.routes.get

- compute.routes.list

- compute.snapshots.get

- compute.snapshots.list

- compute.subnetworks.get

- compute.subnetworks.list

- compute.vpnGateways.list

- compute.vpnTunnels.list

- compute.zones.list

- compute.targetVpnGateways.get

- compute.targetVpnGateways.list

- compute.healthChecks.get

- compute.healthChecks.list

- compute.addresses.get

- compute.addresses.list

- compute.interconnects.get

- compute.interconnects.list

- compute.interconnectAttachments.get

- compute.interconnectAttachments.list

- compute.forwardingRules.get

- compute.forwardingRules.list

- container.clusters.get

- container.clusters.list

- dns.managedZones.list

- file.backups.list

- file.instances.list

- file.locations.get

- file.locations.list

- memcache.instances.get

- memcache.instances.list

- recommender.locations.get

- recommender.locations.list

- redis.instances.get

- redis.instances.list

- spanner.backups.get

- spanner.backups.list

- spanner.instanceConfigs.get

- spanner.instanceConfigs.list

- spanner.instances.get

- spanner.instances.list

- storage.buckets.list

- serviceusage.services.list

- resourcemanager.projects.getIamPolicy

- iam.roles.list

- iam.serviceAccounts.list

- iam.serviceAccountKeys.list

- cloudasset.assets.searchAllResources

- compute.instances.listReferrers

- compute.instances.start

- compute.instances.stop

- compute.regions.get

- logging.logEntries.list

- compute.machineImages.create

- compute.machineImages.delete

- compute.instances.setDiskAutoDelete

- compute.instances.delete

- compute.instances.create

- compute.instances.setScheduling

- compute.globalOperations.get

- compute.zoneOperations.get

- compute.disks.createSnapshot

- compute.instances.useReadOnly

- compute.disks.update

- compute.machineImages.useReadOnly

- compute.disks.create

- compute.subnetworks.use

- compute.subnetworks.useExternalIp

- compute.instances.setMetadata

- compute.networks.use

- compute.instances.setLabels

- compute.disks.setLabels

- compute.snapshots.setLabels

- compute.images.setLabels

- compute.forwardingRules.setLabels

Read-only policy looks like this:

Read-only policy

title: Uniskai Service Role

stage: "GA"

includedPermissions:

- appengine.applications.get

- appengine.instances.get

- appengine.instances.list

- appengine.services.get

- appengine.services.list

- appengine.versions.get

- appengine.versions.list

- bigquery.datasets.get

- bigquery.tables.get

- bigquery.tables.list

- bigquery.tables.getData

- bigquery.jobs.create

- bigtable.backups.get

- bigtable.backups.list

- bigtable.clusters.get

- bigtable.clusters.list

- bigtable.instances.get

- bigtable.instances.list

- cloudfunctions.functions.get

- cloudfunctions.functions.list

- cloudfunctions.locations.get

- cloudfunctions.locations.list

- cloudsql.backupRuns.list

- cloudsql.instances.list

- compute.autoscalers.list

- compute.diskTypes.get

- compute.disks.get

- compute.disks.list

- compute.externalVpnGateways.get

- compute.externalVpnGateways.list

- compute.externalVpnGateways.list

- compute.firewalls.get

- compute.firewalls.list

- compute.images.get

- compute.images.list

- compute.instanceGroupManagers.get

- compute.instanceGroupManagers.list

- compute.instanceGroups.get

- compute.instanceGroups.list

- compute.instanceTemplates.get

- compute.instanceTemplates.list

- compute.instances.get

- compute.instances.list

- compute.machineImages.get

- compute.machineImages.list

- compute.machineTypes.get

- compute.networks.get

- compute.networks.list

- compute.regions.list

- compute.routers.get

- compute.routers.list

- compute.routes.get

- compute.routes.list

- compute.snapshots.get

- compute.snapshots.list

- compute.subnetworks.get

- compute.subnetworks.list

- compute.vpnGateways.list

- compute.vpnTunnels.list

- compute.zones.list

- compute.targetVpnGateways.get

- compute.targetVpnGateways.list

- compute.healthChecks.get

- compute.healthChecks.list

- compute.addresses.get

- compute.addresses.list

- compute.interconnects.get

- compute.interconnects.list

- compute.interconnectAttachments.get

- compute.interconnectAttachments.list

- compute.forwardingRules.get

- compute.forwardingRules.list

- container.clusters.get

- container.clusters.list

- dns.managedZones.list

- file.backups.list

- file.instances.list

- file.locations.get

- file.locations.list

- memcache.instances.get

- memcache.instances.list

- recommender.locations.get

- recommender.locations.list

- redis.instances.get

- redis.instances.list

- spanner.backups.get

- spanner.backups.list

- spanner.instanceConfigs.get

- spanner.instanceConfigs.list

- spanner.instances.get

- spanner.instances.list

- storage.buckets.list

- serviceusage.services.list

- resourcemanager.projects.getIamPolicy

- iam.roles.list

- iam.serviceAccounts.list

- iam.serviceAccountKeys.list

- cloudasset.assets.searchAllResources

- compute.instances.listReferrers

Step 3.3

The Connection type is already selected as Automatic, and a JSON key file will be automatically created by the shell script.


3.3.1

Refer to our manual by clicking the ‘Read manual’ button in the ‘GCP project connection’ pop-up.

This is how the manual appears:

To obtain JSON for Read/write mode, follow the instructions in the manual.

To obtain JSON for Read-only mode, follow the instructions in the manual.

3.3.2

To set up a GCP project, make sure you have the necessary permissions to create roles and service accounts! If you want to grant billing permissions, ensure you have access to a GCP root account.

Log in to GCP at https://console.cloud.google.com and open the Shell console.

3.3.3

Run the .sh script below, replacing PROJECT_ID with your GCP Project ID.

You can find Project ID in this place like shown on picture below.

sh <(curl -s https://gcp-uniskai-templates.s3.eu-west-2.amazonaws.com/create_serviceaccount.sh) PROJECT_ID read

You'll find the Project ID in this spot, just as illustrated in the picture below.

3.3.4

Click ‘Authorize’ to authorize Cloud Shell.

3.3.5

Wait until the script finishes successfully. Then click ‘Open editor.’

3.3.6

If you've followed all the instructions, you should have a ready JSON file.

Download the JSON file.

3.3.7

You can add billing permissions only if you have access to a GCP root account.

To set up billing documents, check out the 'Read Also' section at the end of the manual.

Adding billing permissions?

3.3.8

In section 3.3.8, you'll find the manual outlined below.

If you've already activated Billing in another GCP account, proceed to section 3.3.9.

3.3.9

Navigate to Billing.

3.3.10

Navigate to Billing export and click ‘Edit settings’ on Standard usage cost settings.

3.3.11

Choose your GCP project and click on Dataset.

3.3.12


Name the Dataset and click ‘Create Dataset.’

3.3.13


Choose the created Dataset and click ‘Save.’

Note: Billing may take several hours to appear on our platform after successful creation.

Step 3.4


Return to Uniskai and upload the created file.

Step 3.5


Verify that all data is correct and click the ‘Connect account’ button.

Step 3.6

Your account was successfully connected; you can see the connected account on the Account Manager page.

Did this answer your question?