Configuring GCP Data Sources



Google Cloud Project

Before linking the Google Cloud Project, the following steps must be completed:

  • Enable Billing export

  • Create a role for CerteroX for Cloud

  • Create a service account

  • Generate an API key

If this has not been completed, refer to Configure the Project before proceeding to Connect to CerteroX for Cloud.

Configure the Project

  1. Enable Billing export following the official Google Cloud documentation. This will result in a new dataset in BigQuery. Note the names of the dataset & table.

  2. Configure a role for CerteroX for Cloud:

  • Run the following command in GCP CLI:

gcloud iam roles create certerox_connection_role \
  --project=<enter_your_project> \
  --permissions=bigquery.jobs.create,bigquery.tables.getData,compute.addresses.list,compute.addresses.setLabels,compute.disks.list,compute.disks.setLabels,compute.firewalls.list,compute.globalAddresses.list,compute.instances.list,compute.instances.setLabels,compute.images.list,compute.images.setLabels,compute.machineTypes.get,compute.machineTypes.list,compute.networks.list,compute.regions.list,compute.snapshots.list,compute.snapshots.setLabels,compute.zones.list,iam.serviceAccounts.list,monitoring.timeSeries.list,storage.buckets.get,storage.buckets.getIamPolicy,storage.buckets.list,storage.buckets.update
  • Via Google Cloud console

Go to the Roles page and click Create Role.

Give the role any name and description.

Add the following permissions:

bigquery.jobs.create

bigquery.tables.getData

compute.addresses.list

compute.addresses.setLabels

compute.disks.list

compute.disks.setLabels

compute.firewalls.list

compute.globalAddresses.list

compute.instances.list

compute.instances.setLabels

compute.images.list

compute.images.setLabels

compute.machineTypes.get

compute.machineTypes.list

compute.networks.list

compute.regions.list

compute.snapshots.list

compute.snapshots.setLabels

compute.zones.list

iam.serviceAccounts.list

monitoring.timeSeries.list

storage.buckets.get

storage.buckets.getIamPolicy

storage.buckets.list

storage.buckets.update

  3. Create a service account following the official Google Cloud documentation. Specify the role you have just created.

  4. Generate an API key for your service account following the official Google Cloud documentation. Download it as a .json file, which will be used in the next stage.

Connect to CerteroX for Cloud

  1. Go to CerteroX for Cloud → Settings → Data Sources.

  2. Click Actions → Add.

  3. Select GCP as the Data Source and Project as Connection type.

  4. Fill in the fields & upload the API key from earlier. Click the Connect button.


Google Cloud Tenant

Before linking the Google Cloud Tenant, the following steps must be completed:

  • Enable Billing export

  • Create a role for CerteroX for Cloud

  • Create a service account

  • Generate an API key

If this has not been completed, refer to Configure the Tenant before proceeding to Connect to CerteroX for Cloud.

Configure the Tenant

  1. Enable Billing export following the official Google Cloud documentation. This will result in a new dataset in BigQuery. Note the names of the dataset & table.

  2. Configure a role for CerteroX for Cloud:

  • Run the following command in GCP CLI:

gcloud iam roles create certerox_connection_role \
  --project=<enter_your_project> \
  --permissions=bigquery.jobs.create,bigquery.tables.getData,compute.addresses.list,compute.addresses.setLabels,compute.disks.list,compute.disks.setLabels,compute.firewalls.list,compute.globalAddresses.list,compute.instances.list,compute.instances.setLabels,compute.images.list,compute.images.setLabels,compute.machineTypes.get,compute.machineTypes.list,compute.networks.list,compute.regions.list,compute.snapshots.list,compute.snapshots.setLabels,compute.zones.list,iam.serviceAccounts.list,monitoring.timeSeries.list,storage.buckets.get,storage.buckets.getIamPolicy,storage.buckets.list,storage.buckets.update
  • Via Google Cloud console

Go to the Roles page and click Create Role.

Give the role any name and description.

Add the following permissions:

bigquery.jobs.create

bigquery.tables.getData

compute.addresses.list

compute.addresses.setLabels

compute.disks.list

compute.disks.setLabels

compute.firewalls.list

compute.globalAddresses.list

compute.instances.list

compute.instances.setLabels

compute.images.list

compute.images.setLabels

compute.machineTypes.get

compute.machineTypes.list

compute.networks.list

compute.regions.list

compute.snapshots.list

compute.snapshots.setLabels

compute.zones.list

iam.serviceAccounts.list

monitoring.timeSeries.list

storage.buckets.get

storage.buckets.getIamPolicy

storage.buckets.list

storage.buckets.update

  3. Create a service account following the official Google Cloud documentation. Specify the role you have just created.

  4. Grant the service account access to each project that needs to be linked to CerteroX for Cloud. Select the Project, go to the IAM & Admin section in Google Cloud Console, select IAM, and click the Grant Access button. Add your service account & assign the created role to it.

  5. Generate an API key for your service account following the official Google Cloud documentation. Download it as a .json file, which will be used in the next stage.
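
To confirm that the role created in step 2 (Project or Tenant setup) carries exactly the permissions listed on this page, the following added example (not CerteroX or Google code) audits the output of `gcloud iam roles describe certerox_connection_role --project=<enter_your_project> --format=json`. The sample role JSON and the choice of `setLabels` and `update` as write verbs are assumptions of the example.

```python
import json
import sys

# Permissions this page lists for certerox_connection_role.
EXPECTED = frozenset("""
bigquery.jobs.create bigquery.tables.getData
compute.addresses.list compute.addresses.setLabels
compute.disks.list compute.disks.setLabels
compute.firewalls.list compute.globalAddresses.list
compute.instances.list compute.instances.setLabels
compute.images.list compute.images.setLabels
compute.machineTypes.get compute.machineTypes.list
compute.networks.list compute.regions.list
compute.snapshots.list compute.snapshots.setLabels
compute.zones.list iam.serviceAccounts.list
monitoring.timeSeries.list storage.buckets.get
storage.buckets.getIamPolicy storage.buckets.list
storage.buckets.update
""".split())

# Assumption of this example: these verbs mark permissions that modify resources.
WRITE_VERBS = {"setLabels", "update"}


def audit_role(role_json):
    """Compare a role's includedPermissions with the documented list."""
    role = json.loads(role_json)
    granted = set(role.get("includedPermissions", []))
    return {
        "extra": sorted(granted - EXPECTED),    # granted beyond the documented list
        "missing": sorted(EXPECTED - granted),  # documented but not granted
        "write": sorted(p for p in granted if p.rsplit(".", 1)[-1] in WRITE_VERBS),
    }


# Constructed sample (not real output): one permission added, one removed.
SAMPLE = json.dumps({
    "name": "projects/example-project/roles/certerox_connection_role",
    "stage": "GA",
    "includedPermissions": sorted(
        (EXPECTED - {"monitoring.timeSeries.list"}) | {"storage.objects.get"}),
})

if __name__ == "__main__":
    # Pipe real `gcloud ... --format=json` output on stdin; with a TTY the sample is used.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    report = audit_role(data)
    for key, perms in report.items():
        print(f"{key}: {', '.join(perms) or '-'}")
    sys.exit(1 if report["extra"] or report["missing"] else 0)
```

The `write` entries are the permissions that let the connection modify labels and bucket settings, so they are the ones to review when scoping the service account.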

Connect to CerteroX for Cloud

  1. Go to CerteroX for Cloud → Settings → Data Sources.

  2. Click Actions → Add.

  3. Select GCP as the Data Source and Tenant as Connection type.

  4. Fill in the fields & upload the API key from earlier. Click the Connect button.