This page walks through the steps required to add a single GCP account, also known as a project, into DivvyCloud. To read more about Google Cloud Projects, check out their information here.
In addition, we also support adding multiple GCP projects (aka organizations) to DivvyCloud. Review the details of that setup on the Organizations (GCP) page.
Otherwise, refer to the steps below to get set up.
Before you get started you will want to make sure you have the following:
- A functioning DivvyCloud Installation with the appropriate admin permissions
- The appropriate permissions to access the resources you will need from Google
If you have questions or concerns, reach out to us at [email protected]
1. To access the API Manager, log in to the GCP console. Verify that you have selected the organization and the project you wish to add to DivvyCloud.
Note the Project ID; you will need this when adding the cloud account to DivvyCloud.
2. To access the APIs & Services dashboard, select API & Services from the left navigation and click "Dashboard".
3. Enable APIs — Once you have selected Dashboard, you will see a list of APIs that are currently enabled.
- We recommend that you enable the following APIs in order to gain visibility and access to those GCP services (services are listed below the APIs):
- Cloud SQL
- Cloud SQL Admin API
- Compute Engine API
- Compute Engine Instance Group Manager API
- Google Cloud Deployment Manager V2 API
- Cloud Storage
- Google Compute Engine Instance Group Updater API
- Compute Engine Instance Groups API
- Google+ API
- Kubernetes Engine API
DivvyCloud-supported GCP services:
BigQuery API Cloud Filestore API Cloud Dataflow API Cloud Resource Manager API Cloud Datastore API Cloud Key Management Service (KMS) API Cloud Dataproc API Cloud SQL Admin API Cloud Pub/Sub API Stackdriver Logging API Admin SDK Cloud Billing API Compute Engine API Identity and Access Management (IAM) API Cloud Bigtable API Cloud Bigtable Admin API Cloud Functions API Cloud Spanner API Google Cloud SQL Google Cloud Storage Google Cloud Storage JSON API Service Management API Cloud DNS Kubernetes Engine API Stackdriver Monitoring
If you do not have all of the recommended APIs enabled, select "Enable APIs and Services". Otherwise, skip to "Creating Credentials."
4. In the Google API Library, enter the name of the missing API in the search box. Select the searched for API. (The example below shows just one match; multiple API matches may be shown in card format.)
5. You will see a description of the API. Once you have reviewed the information, select "Enable." Repeat the process until you have added all of the missing APIs.
6. Once you have verified your enabled APIs, you will need to create an additional custom role to ensure appropriate access. Go to "Roles --> Create Role --> Add Permissions".
- Search for storage, select "Storage Legacy Bucket Owner" and "Storage Legacy Bucket Reader".
- Select and add the following two permissions
Save this new role and give it a name (e.g. DivvyCloudStorage) and ID.
7. Click on Credentials on the navigation menu (from the API Services Dashboard).
8. Click on the "Create credentials" button and select "Service account" from the drop-down menu.
Note: this navigates to the IAM & Admin section of the Google Cloud Platform Dashboard.
9. Complete the "Service account details" as follows, click "Create" when you're finished.
- Service account name - the name you want to provide for the service account
- ID - the service account ID
- Service account description - a description of the account's purpose
10. Under Service Account permissions click on "Select a role".
- Select "Project-->Viewer" to give DivvyCloud the scope to view all cloud resources.
- Select "Project -->Editor" to view and act upon all cloud resources.
- Select the custom role you created in Step #6 (e.g. DivvyCloudStorage)
- Add any conditions (optional), if desired.
11. Click Continue to save your role selection.
12. To finish the process to "Create Service Account", click "Create Key*.
- Select JSON as your key type. (This allows DivvyCloud to call APIs programmatically.)
- If you want to configure the "Grant users access to this service account (optional), consult with your local administrator to confirm details, or reach out to [email protected] with questions.
13. Click "Done" to complete this process and confirm that your Service Account Key has been created. You should see a confirmation message with the name of your JSON key. (This also automatically downloads the key.)
Store this JSON in a secure place; the JSON contains the only copy of the keys.
1. Go to your DivvyCloud account. Navigate to the Clouds main page (under Cloud on the left-side navigation menu). Click on Add Cloud in the upper right.
2. Enter Cloud Information:
- Select 'Google Cloud Platform' in the Select Technology dropbox.
- Name your cloud account.
- Provide your project ID from Setup on Google Console Step 1.
- Enter the JSON from the credentials you created and saved earlier.
- Enter an admin Email if you want to manage IAM and the Google Cloud Directory.
3. Complete the optional validation step for permissions.
Both AWS and GCP include the ability to optionally validate permissions before adding a new cloud account. To review those steps, visit the instructions provided under Cloud Account Setup.
4. Add any Badges you would like to this particular cloud account. Badges provide a way to assign additional metadata about resources within the DivvyCloud platform. They are key/value pairs which can be used for filtering and identifying resources from parent cloud account.
5. Select Add Cloud.
6. Confirm the addition of your GCP cloud account.
Note: You should see a notification that indicates you have successfully added a cloud account.
- DivvyCloud will begin harvesting immediately and the data should start to surface after five minutes or so, depending upon the size of your cloud account. Y
- You can also confirm that your cloud account is added by returning to the Clouds main page, selecting the Listing tab and confirming that your newly added cloud account is listed.
Updated 8 days ago