Skip to main content
All CollectionsAdding an account to Uniskai
Adding a GCP Account with read-only access
Adding a GCP Account with read-only access

Learn how to seamlessly integrate your GCP read-only account with our platform

Updated over a month ago

Step 1

Skip to Step 4 if you came to this guide from the Connect Your GCP Project page.

Navigate to the ‘Account Manager’ tab and click the ‘Add new account’ button. If you already have accounts, your Account Manager menu will appear as shown in the picture below.

Step 2

Click on the ‘Google Cloud Platform’ button.

Step 3

You'll be directed to the ‘Connect your GCP project’ page.

Step 3.1

In the first field, enter an Account name. You can choose a specific name (up to 32 characters) or leave it as the default ‘GCP.’


Step 3.2

Select the standard project account type, which allows you to add one account.

Step 3.3

In this case, we select the read-only access type

Next, select the Access type (The selected type will be marked with a white dot on a blue background):

  • Read/write: Allows you to utilize all functions, such as converting to spot, scheduling resources, and removing unused resources.

  • Read-only: Permits viewing of resources and possible actions but restricts the use of main functionality.

This is how the read-only policy appear:

Read-only policy

title: Uniskai Service Role

stage: "GA"

includedPermissions:

- appengine.applications.get

- appengine.instances.get

- appengine.instances.list

- appengine.services.get

- appengine.services.list

- appengine.versions.get

- appengine.versions.list

- bigquery.datasets.get

- bigquery.tables.get

- bigquery.tables.list

- bigquery.tables.getData

- bigquery.jobs.create

- bigtable.backups.get

- bigtable.backups.list

- bigtable.clusters.get

- bigtable.clusters.list

- bigtable.instances.get

- bigtable.instances.list

- cloudfunctions.functions.get

- cloudfunctions.functions.list

- cloudfunctions.locations.get

- cloudfunctions.locations.list

- cloudsql.backupRuns.list

- cloudsql.instances.list

- compute.autoscalers.list

- compute.diskTypes.get

- compute.disks.get

- compute.disks.list

- compute.externalVpnGateways.get

- compute.externalVpnGateways.list

- compute.externalVpnGateways.list

- compute.firewalls.get

- compute.firewalls.list

- compute.images.get

- compute.images.list

- compute.instanceGroupManagers.get

- compute.instanceGroupManagers.list

- compute.instanceGroups.get

- compute.instanceGroups.list

- compute.instanceTemplates.get

- compute.instanceTemplates.list

- compute.instances.get

- compute.instances.list

- compute.machineImages.get

- compute.machineImages.list

- compute.machineTypes.get

- compute.networks.get

- compute.networks.list

- compute.regions.list

- compute.routers.get

- compute.routers.list

- compute.routes.get

- compute.routes.list

- compute.snapshots.get

- compute.snapshots.list

- compute.subnetworks.get

- compute.subnetworks.list

- compute.vpnGateways.list

- compute.vpnTunnels.list

- compute.zones.list

- compute.targetVpnGateways.get

- compute.targetVpnGateways.list

- compute.healthChecks.get

- compute.healthChecks.list

- compute.addresses.get

- compute.addresses.list

- compute.globalAddresses.get

- compute.globalAddresses.list

- compute.interconnects.get

- compute.interconnects.list

- compute.interconnectAttachments.get

- compute.interconnectAttachments.list

- compute.forwardingRules.get

- compute.forwardingRules.list

- container.clusters.get

- container.clusters.list

- dns.managedZones.list

- file.backups.list

- file.instances.list

- file.locations.get

- file.locations.list

- memcache.instances.get

- memcache.instances.list

- recommender.locations.get

- recommender.locations.list

- redis.instances.get

- redis.instances.list

- spanner.backups.get

- spanner.backups.list

- spanner.instanceConfigs.get

- spanner.instanceConfigs.list

- spanner.instances.get

- spanner.instances.list

- storage.buckets.get

- storage.buckets.list

- serviceusage.services.list

- resourcemanager.projects.getIamPolicy

- iam.roles.list

- iam.serviceAccounts.list

- iam.serviceAccountKeys.list

- cloudasset.assets.searchAllResources

- compute.instances.listReferrers

- compute.instances.setServiceAccount

- iam.serviceAccounts.actAs

- compute.backendServices.list

- compute.targetPools.list

- eventarc.locations.list

- eventarc.providers.list

- eventarc.triggers.list

- eventarc.triggers.get

- eventarc.channels.list

- cloudkms.locations.list

- cloudkms.keyRings.list

- cloudkms.cryptoKeys.get

- cloudkms.cryptoKeys.list

- cloudkms.cryptoKeyVersions.list

- cloudkms.importJobs.list

- monitoring.groups.get

- monitoring.groups.list

- monitoring.alertPolicies.get

- monitoring.alertPolicies.list

- monitoring.notificationChannels.get

- monitoring.notificationChannels.list

- monitoring.notificationChannelDescriptors.list

- monitoring.uptimeCheckConfigs.get

- monitoring.uptimeCheckConfigs.list

- monitoring.monitoredResourceDescriptors.list

- monitoring.timeSeries.list

- pubsub.topics.get

- pubsub.topics.list

- pubsub.subscriptions.list

- pubsub.subscriptions.get

- pubsub.subscriptions.list

- pubsublite.topics.list

- pubsublite.reservations.list

- pubsublite.subscriptions.get

- pubsublite.subscriptions.list

Step 3.4

The Connection type is already selected as Automatic, and a JSON key file will be automatically created by the shell script.

To set up a GCP project, ensure you have the necessary permissions to create roles and service accounts!

Step 4

Login to GCP and select your Project

Step 5

Open Shell console

Step 6

Copy your Project ID and Run.sh script below. Insert your GCP project ID instead of “PROJECT_ID”

sh <(curl -s https://gcp-uniskai-eu-templates.s3.eu-central-1.amazonaws.com/create_serviceaccount.sh) PROJECT_ID read

Step 7

Click Authorize to authorize Cloud Shell

Step 8

Wait until the script is finished. Then click Open editor

Step 9

Find and mouse right-click your project and save the JSON. Upload it to the Uniskai tab.
If you want to add billing, copy client_email for the following steps

Step 10

Return to Uniskai and upload the created file.

Step 11


Verify that all data is correct and click the ‘Connect account’ button.

Step 11

Your account was successfully connected; you can see the connected account on the Account Manager page.

How to add billing permissions for the project?

You can add billing permissions only if you have access to the GCP billing account.

Navigate to Go to the linked billing account. Then navigate to Billing export

Way 1. Detailed usage cost is enabled on the project you added

If the detailed usage cost is Enabled and your project name is correct, then the
setup is done

Way 2. Detailed usage cost is disabled.

Step 1

If the detailed usage cost is Disabled, click on the Edit settings

Step 2

Select your GCP project and click on Create new dataset.

Step 3

Name Dataset and click Create Dataset

Step 4

Click Save. At this stage, setup is done

Way 3. Detailed usage cost is enabled on a different project.

Step 1

If the detailed usage cost is Enabled on the different projects click Billing in the Dataset name

Step 2

Open the project selector and ensure that the project configured in the billing export is selected

Step 3

Open the menu and navigate to IAM

Step 4

Click on Grant access

Step 5

Paste the client's email that you previously copied in Step 9 into New Principals. Add
Cloud Asset Viewer and BigQuery Data Viewer roles. Then click Save. Setup is done


Related Articles
Updating Your GCP Account
Adding whole organization of GCP account with read/write access
Adding whole organization of GCP account with read-only access
Google Cloud Platform. How to configure Cost Exports?
Adding a GCP Account with read/write access
Did this answer your question?