Skip to main content

Getting Credentials for Cross4FinOps

To integrate the Google Cloud Provider (GCP) provider to use the Cross4FinOps service you are required to perform some operations in GCP. The images attached below will guide you. Please follow the instructions below.


1. Project Creation

If you do not have any GCP project, please create a one firstly. Otherwise, you can skip this section.

  1. Go to GCP Console and log in to your account.

  2. Click the Select Project button top of the page.

Show the instruction with images

GCP Step 2

  1. Click on the New Project button located in the upper-right corner of the opened section.
Show the instruction with images

GCP Step 3

  1. On the next page, you can define the desired Project name for the project.

  2. Finally, click the Create button.

Show the instruction with images

GCP Step 4-5


2. C4C Custom Role Creation

  1. Go to GCP Console and log in to your account.

Firstly, we need to create a role with the necessary permissions for our product to have the required authorizations.

You can do this in one of four ways: Manual, gcloud CLI and Full Access.

The Manual method provides you with the entire permission list, and you need to add them one by one from the list.

The gcloud CLI method offers a code block and a file containing all the required permissions. Running this code block in gcluoud CLI automatically creates a role.

You can proceed by selecting your preference.

If you wish to proceed with this method, please follow the steps below.

  1. Click the MENU icon on the very left side.

  2. Click on Iam & Admin section, and select Roles from the opened menu.

Show the instruction with images

GCP Step 2-3

  1. Then click CREATE ROLE button on the top.
Show the instruction with images

GCP Step 4

  1. Enter your Title, then Click ADD PERMISSIONS button on the bottom.
Show the instruction with images

GCP Step 5

  1. After ensuring that the following items are selected from the opened permissions list, click the Add button.

    Show the required permission names.
    • iam.roles.get
    • pubsub.subscriptions.getIamPolicy
    • pubsub.topics.getIamPolicy
    • resourcemanager.projects.getIamPolicy
    • storage.buckets.getIamPolicy
    • storage.buckets.update
    • compute.instances.update
    • compute.instances.setLabels
    • storage.buckets.setIamPolicy
Show the instruction with images

GCP Step 6

  1. After confirming that all the permissions in the table have been added, click the Create button located at the bottom of the page.

    warning

    Please be sure, all required permission are selected.

Show the instruction with images

GCP Step 7

After these steps, you should have successfully created the role with the necessary permissions.


3. Service Account Creation

We have created a role with the necessary permissions; now, we need to create an account to which we will assign this role.

  1. Go to GCP Console and log in to your account.

  2. Go to Service accounts from the left menu, under IAM & Admin.

Show the instruction with images

GCP Step 2

  1. Click CREATE SERVICE ACCOUNT button on the top.
Show the instruction with images

GCP Step 3

  1. Enter your Service account name, and it will generate a service account ID. After that click CREATE AND CONTINUE.
Show the instruction with images

GCP Step 4

optional

You can enter a description under Service account description to better identify the created account.

  1. In the second opened stage, click on Select a role and proceed according to the method you chose when creating the role:
warning
  1. If you chose to continue with Manuel method for creating the role, you should choose the role you created with the title you assign it under the Custom section.
  2. After selected the custom role click + Add Another Role button and select Viewer role under Basic section.
Show the instruction with images

GCP Step 5

  1. After selecting the relevant roles, click on the CONTINUE button.
Show the instruction with images

GCP Step 6

  1. Lastly, click DONE.

    tip

    After clicking the Done button, you should find yourself back in the Service Accounts page. However, if you are not, click on the Service Accounts section again from the menu on the left.

Show the instruction with images

GCP Step 7

Check from the list whether your service account has been created or not.


4. Obtaining Key

In this section, we will create the key file that we need in our platform.

  1. Locate the user we created on the Service Accounts page. Navigate to the Actions tab for the respective user, and click on the Three dots(...) button and select Manage keys.

  2. Click on the ADD KEY button on the opened page, and select Create new key.

Show the instruction with images

GCP Step 1

  1. When creating credentials, please note that our system currently only accepts credentials in JSON format, so make sure to select the JSON key type. After that, click CREATE, and the generated key will be downloaded to your computer.
Show the instruction with images

GCP Step 3

Do not forget to check your downloads. Make sure you keep the downloaded credential file in a reachable field.


Critical Step

Please do not forget the setup your Cost Information Configuration and Usage Cost Configurations.