Creating a Service Account
To configure the Management Pack for Google Cloud Platform, you must create a service
account in Google Cloud Platform and download the private key as a JSON file. To create the
service account, you must have the Service Account Admin role
(roles/iam.serviceAccountAdmin) or the Editor primitive role (roles/editor). For read-only
access, the service account requires the project-level Viewer role (a primitive role
on GCP).
To monitor the Google Cloud Platform account using this Management Pack, activate the following
APIs:
- BigQuery API
- Compute Engine API
- Cloud Storage and Google Cloud Storage JSON API
- Kubernetes Engine API
- Stackdriver Monitoring API (monitoring.googleapis.com), which is required to monitor time-series metric data.
To activate these APIs:
- In the Cloud Console, navigate to APIs & Services for your project.
- In the Library page, search for the above APIs.
- Select the Service API you want to activate.
- Click Enable.
When the APIs are activated and the service account has the correct set of roles and
associated permissions, this Management Pack can retrieve Google Cloud Platform data.
When creating a service account, you must select a Google Cloud Platform project,
because Google Cloud Platform does not allow the service account to belong directly
under the Google Cloud Platform Organization.
- In the Cloud Console, navigate to
- From the Service account list, select New service account.
- In the Service account name text box, enter a name.
- From the Role list, select Project > Owner, or select the required services in read-only (as a viewer). The Role field authorizes the service account to access resources.
- Click Save.
- Download the service account private key as a JSON file.
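The following added example (not part of the original documentation or the Management Pack) checks the downloaded key file and the project's IAM policy to confirm which primitive roles the service account holds, flagging Owner or Editor where the read-only Viewer role described above would suffice. It assumes the policy JSON was exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`; the function name `audit` and all sample values are constructed for illustration.

```python
import json

# Primitive roles with write access. The page states that project-level
# roles/viewer is what read-only monitoring requires.
BROAD_ROLES = {"roles/owner", "roles/editor"}
KEY_FIELDS = ("project_id", "private_key_id", "private_key", "client_email")


def audit(key: dict, policy: dict) -> list[str]:
    """Return findings for a parsed key file and project IAM policy."""
    findings = [f"key file missing field: {f}" for f in KEY_FIELDS if not key.get(f)]
    if key.get("type") != "service_account":
        findings.append("key file type is not 'service_account'")
    member = "serviceAccount:" + key.get("client_email", "")
    roles = {b["role"] for b in policy.get("bindings", [])
             if member in b.get("members", [])}
    if not roles:
        findings.append("service account has no project-level role binding")
    findings += [f"over-privileged binding: {r}" for r in sorted(roles & BROAD_ROLES)]
    return findings


# Constructed sample data (not real credentials).
SAMPLE_KEY = json.loads("""{
  "type": "service_account",
  "project_id": "example-project",
  "private_key_id": "0000000000000000",
  "private_key": "CONSTRUCTED-PLACEHOLDER-NOT-A-KEY",
  "client_email": "mp-monitor@example-project.iam.gserviceaccount.com"
}""")
SA = "serviceAccount:" + SAMPLE_KEY["client_email"]
OWNER_POLICY = {"bindings": [
    {"role": "roles/owner", "members": ["user:admin@example.com", SA]},
    {"role": "roles/viewer", "members": [SA]},
]}
VIEWER_POLICY = {"bindings": [{"role": "roles/viewer", "members": [SA]}]}

if __name__ == "__main__":
    for name, policy in (("owner", OWNER_POLICY), ("viewer", VIEWER_POLICY)):
        print(name, audit(SAMPLE_KEY, policy) or "OK")
```

The check only inspects bindings in the project policy it is given; roles granted at the folder or organization level are not visible in that export.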