Step 1
Skip to Step 4 if you came to this guide from the Connect Your GCP Project page.
Navigate to the ‘Account Manager’ tab and click on the ‘Add new account’ button. If you already have accounts, your Account Manager menu will appear as shown in the picture below.
Step 2
Click on the ‘Google Cloud Platform’ button.
Step 3
You'll be directed to the ‘Connect your GCP project’ page.
Step 3.1
In the first field, enter an Account name. You can choose a specific name (up to 32 characters) or leave it as the default ‘GCP.’
Step 3.2
Select the standard project account type, which allows you to add one account.
Step 3.3
In this case, we select the Read/Write access type
Next, select the Access type (The selected type will be marked with a white dot on a blue background):
Read/write: Allows you to utilize all functions, such as converting to spot, scheduling resources, and removing unused resources.
Read-only: Permits viewing of resources and possible actions but restricts the use of main functionality.
This is how the read-write policy appear:
Read-write policy looks like this:
Read-write policy looks like this:
title: Uniskai Service Role
stage: "GA"
includedPermissions:
- appengine.applications.get
- appengine.instances.get
- appengine.instances.list
- appengine.services.get
- appengine.services.list
- appengine.versions.get
- appengine.versions.list
- bigquery.datasets.get
- bigquery.tables.get
- bigquery.tables.list
- bigquery.tables.getData
- bigquery.jobs.create
- bigtable.backups.get
- bigtable.backups.list
- bigtable.clusters.get
- bigtable.clusters.list
- bigtable.instances.get
- bigtable.instances.list
- cloudfunctions.functions.get
- cloudfunctions.functions.list
- cloudfunctions.locations.get
- cloudfunctions.locations.list
- cloudsql.backupRuns.list
- cloudsql.instances.list
- compute.autoscalers.list
- compute.diskTypes.get
- compute.disks.get
- compute.disks.list
- compute.externalVpnGateways.get
- compute.externalVpnGateways.list
- compute.externalVpnGateways.list
- compute.firewalls.get
- compute.firewalls.list
- compute.images.get
- compute.images.list
- compute.instanceGroupManagers.get
- compute.instanceGroupManagers.list
- compute.instanceGroups.get
- compute.instanceGroups.list
- compute.instanceTemplates.get
- compute.instanceTemplates.list
- compute.instances.get
- compute.instances.list
- compute.machineImages.get
- compute.machineImages.list
- compute.machineTypes.get
- compute.networks.get
- compute.networks.list
- compute.regions.list
- compute.routers.get
- compute.routers.list
- compute.routes.get
- compute.routes.list
- compute.snapshots.get
- compute.snapshots.list
- compute.subnetworks.get
- compute.subnetworks.list
- compute.vpnGateways.list
- compute.vpnTunnels.list
- compute.zones.list
- compute.targetVpnGateways.get
- compute.targetVpnGateways.list
- compute.healthChecks.get
- compute.healthChecks.list
- compute.addresses.get
- compute.addresses.list
- compute.globalAddresses.get
- compute.globalAddresses.list
- compute.interconnects.get
- compute.interconnects.list
- compute.interconnectAttachments.get
- compute.interconnectAttachments.list
- compute.forwardingRules.get
- compute.forwardingRules.list
- container.clusters.get
- container.clusters.list
- dns.managedZones.list
- file.backups.list
- file.instances.list
- file.locations.get
- file.locations.list
- memcache.instances.get
- memcache.instances.list
- recommender.locations.get
- recommender.locations.list
- redis.instances.get
- redis.instances.list
- spanner.backups.get
- spanner.backups.list
- spanner.instanceConfigs.get
- spanner.instanceConfigs.list
- spanner.instances.get
- spanner.instances.list
- storage.buckets.get
- storage.buckets.list
- serviceusage.services.list
- resourcemanager.projects.getIamPolicy
- iam.roles.list
- iam.serviceAccounts.list
- iam.serviceAccountKeys.list
- cloudasset.assets.searchAllResources
- compute.instances.listReferrers
- compute.instances.start
- compute.instances.stop
- compute.regions.get
- logging.logEntries.list
- compute.machineImages.create
- compute.machineImages.delete
- compute.instances.setDiskAutoDelete
- compute.instances.delete
- compute.instances.create
- compute.instances.setScheduling
- compute.globalOperations.get
- compute.zoneOperations.get
- compute.disks.createSnapshot
- compute.instances.useReadOnly
- compute.disks.update
- compute.machineImages.useReadOnly
- compute.disks.create
- compute.subnetworks.use
- compute.subnetworks.useExternalIp
- compute.instances.setMetadata
- compute.networks.use
- compute.instances.setLabels
- compute.disks.setLabels
- compute.snapshots.setLabels
- compute.images.setLabels
- compute.forwardingRules.setLabels
- compute.addresses.delete
- compute.disks.delete
- compute.images.delete
- compute.globalAddresses.delete
- compute.instances.setServiceAccount
- iam.serviceAccounts.actAs
- container.operations.get
- container.clusters.update
- storage.buckets.update
- cloudfunctions.functions.update
- compute.addresses.setLabels
- compute.globalAddresses.setLabels
- compute.backendServices.list
- compute.targetPools.list
- eventarc.locations.list
- eventarc.providers.list
- eventarc.triggers.list
- eventarc.triggers.get
- eventarc.triggers.update
- eventarc.channels.list
- cloudkms.locations.list
- cloudkms.keyRings.list
- cloudkms.cryptoKeys.get
- cloudkms.cryptoKeys.list
- cloudkms.cryptoKeys.update
- cloudkms.cryptoKeyVersions.list
- cloudkms.importJobs.list
- monitoring.groups.get
- monitoring.groups.list
- monitoring.alertPolicies.get
- monitoring.alertPolicies.list
- monitoring.alertPolicies.update
- monitoring.notificationChannels.get
- monitoring.notificationChannels.list
- monitoring.notificationChannels.update
- monitoring.notificationChannelDescriptors.list
- monitoring.uptimeCheckConfigs.get
- monitoring.uptimeCheckConfigs.list
- monitoring.uptimeCheckConfigs.update
- monitoring.monitoredResourceDescriptors.list
- monitoring.timeSeries.list
- pubsub.topics.get
- pubsub.topics.list
- pubsub.topics.update
- pubsub.subscriptions.list
- pubsub.subscriptions.get
- pubsub.subscriptions.list
- pubsub.subscriptions.update
- pubsublite.topics.list
- pubsublite.reservations.list
- pubsublite.subscriptions.get
- pubsublite.subscriptions.list
Step 3.4
The Connection type is already selected as Automatic, and a JSON key file will be automatically created by the shell script.
To set up a GCP project, ensure you have the necessary permissions to create roles and service accounts!
Step 4
Login to GCP and select your Project
Step 5
Open Shell console
Step 6
Copy your Project ID and Run.sh script below. Insert your GCP project ID instead of “PROJECT_ID”
sh <(curl -s https://gcp-uniskai-eu-templates.s3.eu-central-1.amazonaws.com/create_serviceaccount.sh) PROJECT_ID
Step 7
Click Authorize to authorize Cloud Shell
Step 8
Wait until the script is finished. Then click Open editor
Step 9
Find and mouse right-click your project and save the JSON. Upload it to the Uniskai tab.
If you want to add billing, copy client_email for the following steps
Step 10
Return to Uniskai and upload the created file.
Step 11
Verify that all data is correct and click the ‘Connect account’ button.
Step 12
Your account was successfully connected; you can see the connected account on the Account Manager page.
How to add billing permissions for the project?
You can add billing permissions only if you have access to the GCP billing account.
Navigate to Go to the linked billing account. Then navigate to Billing export
Way 1. Detailed usage cost is enabled on the project you added
If the detailed usage cost is Enabled and your project name is correct, then the
setup is done
Way 2. Detailed usage cost is disabled.
Step 1
If the detailed usage cost is Disabled, click on the Edit settings
Step 2
Select your GCP project and click on Create new dataset.
Step 3
Name Dataset and click Create Dataset
Step 4
Click Save. At this stage, setup is done
Way 3. Detailed usage cost is enabled on a different project.
Step 1
If the detailed usage cost is Enabled on the different projects click Billing in the Dataset name
Step 2
Open the project selector and ensure that the project configured in the billing export is selected
Step 3
Open menu and navigate to IAM
Step 4
Click on Grant access
Step 5
Paste the client's email that you previously copied in Step 9 into New Principals. Add
Cloud Asset Viewer and BigQuery Data Viewer roles. Then click Save. Setup is done