GCP

Discover, catalog and map your cloud resources from Google Cloud Platform (GCP) within your service catalog.

Summary - Creating an GCP Credential

  1. Create Service Account Keys. Copy it to a secure location.

  2. Go to configure8 app -> Settings -> Credentials -> Add Credential and select GCP credential provider.

  3. Set up name for the Credential and fill info based on this.

  4. Hit Save. The credentials will be checked and a discovery job will start. Done!

Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, you can access technology services, such as computing power, storage, and databases, on an as-needed basis from a cloud provider like GCP.

GCP helps drive business transformation for some of the world’s leading companies in retail, financial services, manufacturing, media, gaming, entertainment, telco, public sector, and healthcare.

GCP Resource Discovery

A GCP service account is a special kind of Identity and Access Management (IAM) account used by an application rather than a person. Applications use service accounts to make authorized API calls, authorized as the service account itself through domain-wide delegation.

To perform auto discovery of your GCP resources for your service catalog, configure8 utilizes this special kind of account, referred to as a service account, to delegate read-only permission for the configure8 discovery workers to read the GCP service metadata. That metadata is then recorded within your configure8 catalog for service mapping and drift detection. Each discovery worker runs in its own isolated container to ensure there is no cross pollination of resources for an organization.

Prerequisite

In order to get started with auto discovery for you GCP resources, you must create a new service account in the GCP console.

You can review the full documentation on service account in GCP here.

Create a Service Account

configure8 supports cross project discovery based on the project permissions granted to the service account. You can grant a service account access to multiple accounts by adding the service account to an existing project and assigning it a Viewer role.

To get started, sign in to the GCP Console and select the appropriate project where you would like configure8 to auto discover resources. Then select IAM & Admin > Service Accounts from the sidebar menu.

Next, select CREATE SERVICE ACCOUNT

From the Create Service Account wizard, enter a name and description for your new service account and select CREATE AND CONTINUE.

On step 2 Grant this service account access to a project, select the Viewer role.

Next, select Continue and then Done to create your new service account.

Create Service Account Keys

To use a service account from outside of Google Cloud, such as with configure8, you must first establish the identity of the service account. Public/private key pairs, referred to as service account keys, provide a secure way of accomplishing this goal.

To create a service account key, navigate to you new service account, select the Keys tab and click ADD KEY.

From the Create private key for ... pop-up, select the JSON option and click CREATE to provision and download your new service account key.

Once the JSON service account key is downloaded to your local machine, make sure you copy the it to a secure location. This key will be used to connect the configure8 auto discovery to your GCP account.

Creating a Google Cloud Credential

To connect your Google Cloud account to configure8, perform the following steps.

In order for the connectivity tests to pass when you enter your GCP credentials, you must ensure the Cloud Resource Manager API is enabled in your GCP account. The API is used to test the ability to call GCP APIs for the projects associated with your entered credentials.

You can verify the Cloud Resource Manager API is enabled by navigating to https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview

Get started by navigating to the Credentials page by clicking on the "lock" icon on the menu bar.

Next, select the Add Credential button.

From the Add Credential pop-up, select GCP from the list of available providers.

Next, enter the information required for your credential.

  • Name: a recognizable alias for the new credential

  • Service Account Key: This is the entire contents of the service account key JSON file. Simply open the file and copy the contents into this field.

Select Save to create your GCP credential in configure8. The configure8 app will automatically validate the credentials to make sure they work. If they do not, the credentials will not be saved and you will be prompted to fix them.

If the credentials pass, your credentials will be saved and the configure8 discovery service will automatically run a one-time auto discovery to get a baseline of your GCP account resources.

Scheduling a discovery

configure8 can auto discover the Cloud resources within your Google Cloud account on an ad-hoc basis or by leveraging our scheduling engine to scan for new resources on a 24/48 hour interval.

To create a discovery job for your Azure account, start by navigating to the Credentials page by navigating to the Settings (gear) icon on the left hand side navigation.

Find the credentials you would like to schedule for auto discovery, select the ellipse button to display the context menu and select the View option.

From the pop-up under the Discovery section, you can schedule an on-going auto discovery of your resources by toggling on the Auto Discovery switch if not enabled, then choosing a frequency from the Schedule dropdown and selecting Save.

From the pop-up under the Manual Discovery section, you can also run an ad-hoc discovery simply by clicking Run Now.

Supported Auto Discovery Resources

The current supported GCP resources that are auto discoverable by configure8 are:

  • Google Compute Engine (GCE)

  • Dataproc

  • Google Kubernetes Engine (GKE)

  • Google Cloud SQL

  • Google Cloud Storage

  • Google Virtual Private Cloud

  • Google Memory Store

  • Google BigQuery

  • Google Pub/Sub

  • Google Artifact Registry

  • Google Firestore

  • Google Cloud Run

Last updated

Copyright © 2023 configure8, Inc. All rights reserved.