Skip to main content

Google Cloud integration (via script)

You are here:
← All topics

Follow the steps to integrate the Google Cloud with CleanCloud:

1. Access the GCP panel and select the project you want to configure. 

2. In the top menu click the Activate Cloud Shell button to create the role with the necessary permissions for the integration.

3. To execute the role creation, copy the code below and paste it into the terminal. Don’t forget to change the variables related to the project.

gcloud iam roles create CleanCloudScoreRole --description "Access to execute an assignment on CleanCloud Score" --stage ALPHA --permissions bigquery.datasets.get,cloudkms.cryptoKeys.getIamPolicy,cloudkms.cryptoKeys.list,cloudkms.keyRings.list,cloudsql.instances.list,compute.disks.list,compute.firewalls.list,compute.instances.list,compute.networks.list,compute.projects.get,compute.regions.list,compute.sslPolicies.get,compute.subnetworks.list,compute.targetHttpProxies.list,compute.targetSslProxies.list,compute.zones.list,dns.managedZones.list,iam.serviceAccountKeys.list,iam.serviceAccounts.list,logging.logMetrics.list,logging.sinks.list,monitoring.alertPolicies.list,orgpolicy.policy.get,resourcemanager.projects.get,resourcemanager.projects.getIamPolicy,storage.buckets.get,storage.buckets.getIamPolicy,storage.buckets.list --title "CleanCloud Score Role" --project name-cloud

4. Click the Authorize button to authorize the API call. 

5. After executing the command, all role permissions will be created.

In this step, it will be necessary to enable the APIs of each Google service covered by CleanCloud Score.

6. To do this, run the command below: 

gcloud services enable compute.googleapis.com cloudresourcemanager.googleapis.com bigquery.googleapis.com dns.googleapis.com iam.googleapis.com cloudkms.googleapis.com logging.googleapis.com monitoring.googleapis.com sqladmin.googleapis.com storage.googleapis.com

In this step it will be necessary to create a Service Account to attach to the role created. 

7. To do this, go to the Credentials page and click on Create Credential and then select Service Account.

8. In the first step of creating the Service Account type a name and description then click Create.

9. In the second creation step, select the Custom option and the role created previously. Click Continue.

10. The third and last step leave it blank and click Done.

11. Access the newly created Service Account.

12. Select the Key tab.

13. Click on Add Key and select the option Create new key.

14. Select the JSON option and click Create.

15. The message of the key saved on the computer will appear. Open the file saved in any text editor and copy the JSON content for the next step.

16. In the CleanCloud panel, type a name for the cloud and paste the content copied in step 15 into the IAM credentials field. Click Next.

The integration of the GCP cloud was successfully completed 🙂

Close Menu