Step 1
Navigate to the ‘Account Manager’ tab and click on the ‘Add new account’ button. If you already have accounts, your Account Manager menu will appear as shown in the picture below.
Step 2
Click on the ‘Google Cloud Platform’ button.
Step 3
You'll be directed to the ‘Connect your GCP project’ page.
Step 3.1
In the first field, enter an Account name. You can choose a specific name (up to 32 characters) or leave it as the default ‘GCP.’
Step 3.2
Choose the type of account according to your needs, the standard project allows you to add a single account, the service project gives us the opportunity to add a multi-account.
Step 3.3
Next, select the Access type (The selected type will be marked with a white dot on a blue background):
Read/write: Allows you to utilize all functions, such as converting to spot, scheduling resources, and removing unused resources.
Read-only: Permits viewing of resources and possible actions but restricts the use of main functionality.
This is how the read-write policy and the read-only policy appear:
Read-write policy looks like this:
Read-write policy looks like this:
title: Uniskai Service Role
stage: "GA"
includedPermissions:
- appengine.applications.get
- appengine.instances.get
- appengine.instances.list
- appengine.services.get
- appengine.services.list
- appengine.versions.get
- appengine.versions.list
- bigquery.datasets.get
- bigquery.tables.get
- bigquery.tables.list
- bigquery.tables.getData
- bigquery.jobs.create
- bigtable.backups.get
- bigtable.backups.list
- bigtable.clusters.get
- bigtable.clusters.list
- bigtable.instances.get
- bigtable.instances.list
- cloudfunctions.functions.get
- cloudfunctions.functions.list
- cloudfunctions.locations.get
- cloudfunctions.locations.list
- cloudsql.backupRuns.list
- cloudsql.instances.list
- compute.autoscalers.list
- compute.diskTypes.get
- compute.disks.get
- compute.disks.list
- compute.externalVpnGateways.get
- compute.externalVpnGateways.list
- compute.externalVpnGateways.list
- compute.firewalls.get
- compute.firewalls.list
- compute.images.get
- compute.images.list
- compute.instanceGroupManagers.get
- compute.instanceGroupManagers.list
- compute.instanceGroups.get
- compute.instanceGroups.list
- compute.instanceTemplates.get
- compute.instanceTemplates.list
- compute.instances.get
- compute.instances.list
- compute.machineImages.get
- compute.machineImages.list
- compute.machineTypes.get
- compute.networks.get
- compute.networks.list
- compute.regions.list
- compute.routers.get
- compute.routers.list
- compute.routes.get
- compute.routes.list
- compute.snapshots.get
- compute.snapshots.list
- compute.subnetworks.get
- compute.subnetworks.list
- compute.vpnGateways.list
- compute.vpnTunnels.list
- compute.zones.list
- compute.targetVpnGateways.get
- compute.targetVpnGateways.list
- compute.healthChecks.get
- compute.healthChecks.list
- compute.addresses.get
- compute.addresses.list
- compute.globalAddresses.get
- compute.globalAddresses.list
- compute.interconnects.get
- compute.interconnects.list
- compute.interconnectAttachments.get
- compute.interconnectAttachments.list
- compute.forwardingRules.get
- compute.forwardingRules.list
- container.clusters.get
- container.clusters.list
- dns.managedZones.list
- file.backups.list
- file.instances.list
- file.locations.get
- file.locations.list
- memcache.instances.get
- memcache.instances.list
- recommender.locations.get
- recommender.locations.list
- redis.instances.get
- redis.instances.list
- spanner.backups.get
- spanner.backups.list
- spanner.instanceConfigs.get
- spanner.instanceConfigs.list
- spanner.instances.get
- spanner.instances.list
- storage.buckets.get
- storage.buckets.list
- serviceusage.services.list
- resourcemanager.projects.getIamPolicy
- iam.roles.list
- iam.serviceAccounts.list
- iam.serviceAccountKeys.list
- cloudasset.assets.searchAllResources
- compute.instances.listReferrers
- compute.instances.start
- compute.instances.stop
- compute.regions.get
- logging.logEntries.list
- compute.machineImages.create
- compute.machineImages.delete
- compute.instances.setDiskAutoDelete
- compute.instances.delete
- compute.instances.create
- compute.instances.setScheduling
- compute.globalOperations.get
- compute.zoneOperations.get
- compute.disks.createSnapshot
- compute.instances.useReadOnly
- compute.disks.update
- compute.machineImages.useReadOnly
- compute.disks.create
- compute.subnetworks.use
- compute.subnetworks.useExternalIp
- compute.instances.setMetadata
- compute.networks.use
- compute.instances.setLabels
- compute.disks.setLabels
- compute.snapshots.setLabels
- compute.images.setLabels
- compute.forwardingRules.setLabels
- compute.addresses.delete
- compute.disks.delete
- compute.images.delete
- compute.globalAddresses.delete
- compute.instances.setServiceAccount
- iam.serviceAccounts.actAs
- container.operations.get
- container.clusters.update
- storage.buckets.update
- cloudfunctions.functions.update
- compute.addresses.setLabels
- compute.globalAddresses.setLabels
- compute.backendServices.list
- compute.targetPools.list
- eventarc.locations.list
- eventarc.providers.list
- eventarc.triggers.list
- eventarc.triggers.get
- eventarc.triggers.update
- eventarc.channels.list
- cloudkms.locations.list
- cloudkms.keyRings.list
- cloudkms.cryptoKeys.get
- cloudkms.cryptoKeys.list
- cloudkms.cryptoKeys.update
- cloudkms.cryptoKeyVersions.list
- cloudkms.importJobs.list
- monitoring.groups.get
- monitoring.groups.list
- monitoring.alertPolicies.get
- monitoring.alertPolicies.list
- monitoring.alertPolicies.update
- monitoring.notificationChannels.get
- monitoring.notificationChannels.list
- monitoring.notificationChannels.update
- monitoring.notificationChannelDescriptors.list
- monitoring.uptimeCheckConfigs.get
- monitoring.uptimeCheckConfigs.list
- monitoring.uptimeCheckConfigs.update
- monitoring.monitoredResourceDescriptors.list
- monitoring.timeSeries.list
- pubsub.topics.get
- pubsub.topics.list
- pubsub.topics.update
- pubsub.subscriptions.list
- pubsub.subscriptions.get
- pubsub.subscriptions.list
- pubsub.subscriptions.update
- pubsublite.topics.list
- pubsublite.reservations.list
- pubsublite.subscriptions.get
- pubsublite.subscriptions.list
Read-only policy
Read-only policy
title: Uniskai Service Role
stage: "GA"
includedPermissions:
- appengine.applications.get
- appengine.instances.get
- appengine.instances.list
- appengine.services.get
- appengine.services.list
- appengine.versions.get
- appengine.versions.list
- bigquery.datasets.get
- bigquery.tables.get
- bigquery.tables.list
- bigquery.tables.getData
- bigquery.jobs.create
- bigtable.backups.get
- bigtable.backups.list
- bigtable.clusters.get
- bigtable.clusters.list
- bigtable.instances.get
- bigtable.instances.list
- cloudfunctions.functions.get
- cloudfunctions.functions.list
- cloudfunctions.locations.get
- cloudfunctions.locations.list
- cloudsql.backupRuns.list
- cloudsql.instances.list
- compute.autoscalers.list
- compute.diskTypes.get
- compute.disks.get
- compute.disks.list
- compute.externalVpnGateways.get
- compute.externalVpnGateways.list
- compute.externalVpnGateways.list
- compute.firewalls.get
- compute.firewalls.list
- compute.images.get
- compute.images.list
- compute.instanceGroupManagers.get
- compute.instanceGroupManagers.list
- compute.instanceGroups.get
- compute.instanceGroups.list
- compute.instanceTemplates.get
- compute.instanceTemplates.list
- compute.instances.get
- compute.instances.list
- compute.machineImages.get
- compute.machineImages.list
- compute.machineTypes.get
- compute.networks.get
- compute.networks.list
- compute.regions.list
- compute.routers.get
- compute.routers.list
- compute.routes.get
- compute.routes.list
- compute.snapshots.get
- compute.snapshots.list
- compute.subnetworks.get
- compute.subnetworks.list
- compute.vpnGateways.list
- compute.vpnTunnels.list
- compute.zones.list
- compute.targetVpnGateways.get
- compute.targetVpnGateways.list
- compute.healthChecks.get
- compute.healthChecks.list
- compute.addresses.get
- compute.addresses.list
- compute.globalAddresses.get
- compute.globalAddresses.list
- compute.interconnects.get
- compute.interconnects.list
- compute.interconnectAttachments.get
- compute.interconnectAttachments.list
- compute.forwardingRules.get
- compute.forwardingRules.list
- container.clusters.get
- container.clusters.list
- dns.managedZones.list
- file.backups.list
- file.instances.list
- file.locations.get
- file.locations.list
- memcache.instances.get
- memcache.instances.list
- recommender.locations.get
- recommender.locations.list
- redis.instances.get
- redis.instances.list
- spanner.backups.get
- spanner.backups.list
- spanner.instanceConfigs.get
- spanner.instanceConfigs.list
- spanner.instances.get
- spanner.instances.list
- storage.buckets.get
- storage.buckets.list
- serviceusage.services.list
- resourcemanager.projects.getIamPolicy
- iam.roles.list
- iam.serviceAccounts.list
- iam.serviceAccountKeys.list
- cloudasset.assets.searchAllResources
- compute.instances.listReferrers
- compute.instances.setServiceAccount
- iam.serviceAccounts.actAs
- compute.backendServices.list
- compute.targetPools.list
- eventarc.locations.list
- eventarc.providers.list
- eventarc.triggers.list
- eventarc.triggers.get
- eventarc.channels.list
- cloudkms.locations.list
- cloudkms.keyRings.list
- cloudkms.cryptoKeys.get
- cloudkms.cryptoKeys.list
- cloudkms.cryptoKeyVersions.list
- cloudkms.importJobs.list
- monitoring.groups.get
- monitoring.groups.list
- monitoring.alertPolicies.get
- monitoring.alertPolicies.list
- monitoring.notificationChannels.get
- monitoring.notificationChannels.list
- monitoring.notificationChannelDescriptors.list
- monitoring.uptimeCheckConfigs.get
- monitoring.uptimeCheckConfigs.list
- monitoring.monitoredResourceDescriptors.list
- monitoring.timeSeries.list
- pubsub.topics.get
- pubsub.topics.list
- pubsub.subscriptions.list
- pubsub.subscriptions.get
- pubsub.subscriptions.list
- pubsublite.topics.list
- pubsublite.reservations.list
- pubsublite.subscriptions.get
- pubsublite.subscriptions.list
Step 3.4
The Connection type is already selected as Automatic, and a JSON key file will be automatically created by the shell script.
3.4.1
Refer to our manual by clicking the ‘Read manual’ button in the ‘GCP project connection’ pop-up.
This is how the manual appears:
To obtain JSON for Read/write mode, follow the instructions in the manual.
To obtain JSON for Read-only mode, follow the instructions in the manual.
3.4.2
To set up a GCP project, make sure you have the necessary permissions to create roles and service accounts! If you want to grant billing permissions, ensure you have access to a GCP root account.
Log in to GCP at https://console.cloud.google.com and open the Shell console.
3.4.3
Run the .sh script below, replacing PROJECT_ID with your GCP Project ID.
You can find Project ID in this place like shown on picture below.
sh <(curl -s https://gcp-uniskai-templates.s3.eu-west-2.amazonaws.com/create_serviceaccount.sh) PROJECT_ID read
You'll find the Project ID in this spot, just as illustrated in the picture below.
3.4.4
Click ‘Authorize’ to authorize Cloud Shell.
3.4.5
Wait until the script finishes successfully. Then click ‘Open editor.’
3.4.6
If you've followed all the instructions, you should have a ready JSON file.
Download the JSON file.
3.4.7
You can add billing permissions only if you have access to a GCP root account.
To set up billing documents, check out the 'Read Also' section at the end of the manual.
Adding billing permissions?
3.4.8
Check if BigQuery Export is Enabled
You can add billing permissions only if you have access to GCP root account.
1. Navigate to the GCP Console
2. Go to the "Billing" or "Billing & Usage" section in the left-hand menu.
3. Within the billing section, select "Billing export".
4. Review your billing settings and find the option for exporting to BigQuery.
3.4.9.
In section 3.4.8, you'll find the export indicator whether it is enabled or disabled.
1. If export is not enabled ( When export is enabled move to the 3.4.10.)
2. Navigate to Billing export and click ‘Edit settings’ on Standard usage cost settings.
3. Choose your GCP project and click on Dataset.
4. Name the Dataset and click ‘Create Dataset.’
5. Choose the created Dataset and click ‘Save.’
Billing may take several hours to appear on our platform after successful creation.
6. Open the menu and navigate to IAM & Admin.
7. Open the project selector and select the already enabled billing project.
8. Navigate to Service Accounts and copy Uniskai service account.
9. Open the project selector and select another already enabled billing project.
10. Navigate to IAM and click Grant Access.
11. Paste Uniskai service account. Add Cloud Asset Viewer and BigQuery Data Viewer roles. Then Click Save.
3.4.10.
When export is enabled
1. Open the menu and navigate to IAM & Admin.
2. Open the project selector and select the already enabled billing project.
3. Navigate to Service Accounts and copy Uniskai service account.
4. Open the project selector and select another already enabled billing project.
5. Navigate to IAM and click Grant Access.
6. Paste Uniskai service account. Add Cloud Asset Viewer and BigQuery Data Viewer roles. Then Click Save.
Note: Billing may take several hours to appear on our platform after successful creation.
Step 3.5
Return to Uniskai and upload the created file.
Step 3.6
Verify that all data is correct and click the ‘Connect account’ button.
Step 3.7
Your account was successfully connected; you can see the connected account on the Account Manager page.
