Search…
GCP
Discover, catalog and map your cloud resources from Google Cloud Platform (GCP) within your service catalog.
Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, you can access technology services, such as computing power, storage, and databases, on an as-needed basis from a cloud provider like GCP.
GCP helps drive business transformation for some of the world’s leading companies in retail, financial services, manufacturing, media, gaming, entertainment, telco, public sector, and healthcare.

GCP Resource Discovery

A GCP service account is a special kind of Identity and Access Management (IAM) account used by an application rather than a person. Applications use service accounts to make authorized API calls, authorized as the service account itself through domain-wide delegation.
To perform auto discovery of your GCP resources for your service catalog, configure8 utilizes this special kind of account, referred to as a service account, to delegate read-only permission for the configure8 discovery workers to read the GCP service metadata. That metadata is then recorded within your configure8 catalog for service mapping and drift detection. Each discovery worker runs in its own isolated container to ensure there is no cross pollination of resources for an organization.

Prerequisite

In order to get started with auto discovery for you GCP resources, you must create a new service account in the GCP console.
You can review the full documentation on service account in GCP here.

Create a Service Account

configure8 supports cross project discovery based on the project permissions granted to the service account. You can grant a service account access to multiple accounts by adding the service account to an existing project and assigning it a Viewer role.
To get started, sign in to the GCP Console and select the appropriate project where you would like configure8 to auto discover resources. Then select IAM a& Admin > Service Accounts from the sidebar menu.
Next, select CREATE SERVICE ACCOUNT
From the Create Service Account wizard, enter a name and description for your new service account and select CREATE AND CONTINUE.
On step 2 Grant this service account access to a project, select the Viewer role.
Next, select Continue and then Done to create your new service account.

Create Service Account Keys

To use a service account from outside of Google Cloud, such as with configure8, you must first establish the identity of the service account. Public/private key pairs, referred to as service account keys, provide a secure way of accomplishing this goal.
To create a service account key, navigate to you new service account, select the Keys tab and click ADD KEY.
From the Create private key for ... pop-up, select the JSON option and click CREATE to provision and download your new service account key.
Once the JSON service account key is downloaded to your local machine, make sure you copy the it to a secure location. This key will be used to connect the configure8 auto discovery to your GCP account.

Creating a Google Cloud Credential

To connect your Google Cloud account to configure8, perform the following steps.
In order for the connectivity tests to pass when you enter your GCP credentials, you must ensure the Cloud Resource Manager API is enabled in your GCP account. The API is used to test the ability to call GCP APIs for the projects associated with your entered credentials.
You can verify the Cloud Resource Manager API is enabled by navigating to https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview
Get started by navigating to the Credentials page by clicking on the "lock" icon on the menu bar.
Next, select the Add Credential button.
From the Add Credential pop-up, select GCP from the list of available providers.
Next, enter the information required for your credential.
  • Name: a recognizable alias for the new credential
  • Organization Id: This value can be found by opening the project selector and copying the ID of your organization.
  • Service Account Key: This is the entire contents of the service account key JSON file. Simply open the file and copy the contents into this field.
Select Save to create your GCP credential in configure8. The configure8 app will automatically validate the credentials to make sure they work. If they do not, the credentials will not be saved and you will be prompted to fix them.
If the credentials pass, your credentials will be saved and the configure8 discovery service will automatically run a one-time auto discovery to get a baseline of your GCP account resources.

Scheduling a discovery

configure8 can auto discover the Cloud resources within your Google Cloud account on an ad-hoc basis or by leveraging our scheduling engine to scan for new resources on a 2/4/6/8/10/12 hour interval.
To create a discovery job for your GCP account, start by navigating to the Credentials page by clicking on the "lock" icon on the menu bar.
Find the credentials you would like to schedule for auto discovery, select the ellipse button to display the context menu and select the Schedule option.
From the Schedule pop-up, you can run an ad-hoc discovery simply by clicking Run Now.
From the Schedule pop-up, you can also schedule an on-going auto discovery of your GCP account resources by choosing an hourly frequency from the dropdown and selecting Schedule Discovery.

Supported Auto Discovery Resources

The current supported GCP resources that are auto discoverable by configure8 are:
  • Google Compute Engine (GCE)
  • Dataproc
  • Google Kubernetes Engine (GKE)
  • Google Cloud SQL
  • Google Cloud Storage
  • Google Virtual Private Cloud
  • Google Memory Store
  • Google BigQuery
  • Google Pub/Sub
  • Google Artifact Registry
  • Google Firestore
  • Google Cloud Run
Copyright © 2022 configure8, Inc. All rights reserved.
Last modified 1mo ago
Copy link
Outline
GCP Resource Discovery
Prerequisite
Create a Service Account
Create Service Account Keys
Creating a Google Cloud Credential
Scheduling a discovery
Supported Auto Discovery Resources