GCP
Discover, catalog and map your cloud resources from Google Cloud Platform (GCP) within your service catalog.
Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, you can access technology services, such as computing power, storage, and databases, on an as-needed basis from a cloud provider like GCP.
GCP helps drive business transformation for some of the world’s leading companies in retail, financial services, manufacturing, media, gaming, entertainment, telco, public sector, and healthcare.
A GCP service account is a special kind of Identity and Access Management (IAM) account used by an application rather than a person. Applications use service accounts to make authorized API calls, authorized as the service account itself through domain-wide delegation.
To perform auto discovery of your GCP resources for your service catalog, configure8 utilizes this special kind of account, referred to as a service account, to delegate
read-only permission for the configure8 discovery workers to read the GCP service metadata. That metadata is then recorded within your configure8 catalog for service mapping and drift detection. Each discovery worker runs in its own isolated container to ensure there is no cross pollination of resources for an organization. In order to get started with auto discovery for you GCP resources, you must create a new service account in the GCP console.
configure8 supports cross project discovery based on the project permissions granted to the service account. You can grant a service account access to multiple accounts by adding the service account to an existing project and assigning it a
Viewer role.To get started, sign in to the GCP Console and select the appropriate project where you would like configure8 to auto discover resources. Then select IAM a& Admin > Service Accounts from the sidebar menu.
Next, select CREATE SERVICE ACCOUNT
From the Create Service Account wizard, enter a name and description for your new service account and select CREATE AND CONTINUE.
On step 2 Grant this service account access to a project, select the Viewer role.
Next, select Continue and then Done to create your new service account.
To use a service account from outside of Google Cloud, such as with configure8, you must first establish the identity of the service account. Public/private key pairs, referred to as service account keys, provide a secure way of accomplishing this goal.
To create a service account key, navigate to you new service account, select the Keys tab and click ADD KEY.
From the Create private key for ... pop-up, select the JSON option and click CREATE to provision and download your new service account key.
Once the JSON service account key is downloaded to your local machine, make sure you copy the it to a secure location. This key will be used to connect the configure8 auto discovery to your GCP account.
To connect your Google Cloud account to configure8, perform the following steps.
In order for the connectivity tests to pass when you enter your GCP credentials, you must ensure the
Cloud Resource Manager API is enabled in your GCP account. The API is used to test the ability to call GCP APIs for the projects associated with your entered credentials. You can verify the
Cloud Resource Manager API is enabled by navigating to https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overviewGet started by navigating to the Credentials page by clicking on the "lock" icon on the menu bar.
Next, select the Add Credential button.
From the Add Credential pop-up, select GCP from the list of available providers.
Next, enter the information required for your credential.
- Name: a recognizable alias for the new credential
- Organization Id: This value can be found by opening the project selector and copying the ID of your organization.
- Service Account Key: This is the entire contents of the service account key JSON file. Simply open the file and copy the contents into this field.
Select Save to create your GCP credential in configure8. The configure8 app will automatically validate the credentials to make sure they work. If they do not, the credentials will not be saved and you will be prompted to fix them.
If the credentials pass, your credentials will be saved and the configure8 discovery service will automatically run a one-time auto discovery to get a baseline of your GCP account resources.
configure8 can auto discover the Cloud resources within your Google Cloud account on an ad-hoc basis or by leveraging our scheduling engine to scan for new resources on a 2/4/6/8/10/12 hour interval.
To create a discovery job for your GCP account, start by navigating to the Credentials page by clicking on the "lock" icon on the menu bar.
Find the credentials you would like to schedule for auto discovery, select the ellipse button to display the context menu and select the Schedule option.
From the Schedule pop-up, you can run an ad-hoc discovery simply by clicking Run Now.
From the Schedule pop-up, you can also schedule an on-going auto discovery of your GCP account resources by choosing an hourly frequency from the dropdown and selecting Schedule Discovery.
The current supported GCP resources that are auto discoverable by configure8 are:
- Google Compute Engine (GCE)
- Dataproc
- Google Kubernetes Engine (GKE)
- Google Cloud SQL
- Google Cloud Storage
- Google Virtual Private Cloud
- Google Memory Store
- Google BigQuery
- Google Pub/Sub
- Google Artifact Registry
- Google Firestore
- Google Cloud Run
Copyright © 2022 configure8, Inc. All rights reserved.
Last modified 9mo ago