Add GCP Cloud Accounts
To manage your Google Cloud Platform (GCP) service account's resources in Commander, add the service account as a cloud account. To do so, provide the private key for the service account.
If you want to update the private key for a GCP service account, see Update the Private Key for GCP Service Accounts.
Important: See Getting started with GCP for a list of tasks to complete before adding a GCP cloud account.
Access: | Views > Inventory |
Available to: | Commander Roles of Superuser and Enterprise Admin |
- Click the Infrastructure, Applications, or Storage tab.
- Select the root node of the Infrastructure, Applications, or Storage tree.
- At the top of the Summary page, click Add Cloud Account.
- In the Add Cloud Account dialog, from Cloud Account Type, select Google Cloud Platform.
- For Name, enter a name that will help identify this cloud account. Note that Service Portal users may see this name if they have permission.
- For Private Key (JSON) File, browse to the location of the private key for the Commander service account.
If you haven't already created a service account and downloaded its private key, see Create a service account for Commander to access GCP.
Commander validates the file to ensure that it's a private key file in JSON format. If the file is valid, Commander displays the Client ID and the Client Email for this service account.
- For Update Frequency, enter a value from 10 to 180, in minutes. Commander retrieves changes from GCP and generates events based on these changes. By default, Commander waits 60 minutes between updates.
This setting affects only how often configuration changes made in GCP are retrieved; changes made within Commander are displayed as soon as the task has finished.
More frequent updates (meaning lower values for this setting) may impact performance, especially in large installations.
- If Internet access is established through a web proxy server, enable Use Public Cloud Proxy.
- If you want to synchronize GCP labels and Commander custom attributes, for Sync Labels and Custom Attributes, click Configure.
- In the Synchronize GCP Labels and Commander Custom Attributes dialog, enable Import GCP Labels as Commander Custom Attribute as required.
- To exclude certain GCP labels from synchronization, enter them as a comma-separated list in the Excluded Labels text field.
- Click OK.
- Click OK to add the cloud account.
If you haven't already integrated your web proxy server with Commander, click Add Public Cloud Proxy Server and configure the proxy. This task requires the Superuser role. See Connect Public Clouds through Web Proxy Servers for instructions.
For more information, see Synchronize GCP Labels and Commander Custom Attributes.
Update permissions for GCP cloud accounts
You can update the permissions granted to a GCP cloud account. For example, if you want to change the visibility of resources — you can create a new service account and upload a new private key file.
Access: | Views > Inventory |
Available to: | Commander Roles of Superuser and Enterprise Admin |
- In the GCP console, create a new service account and grant it permissions. Follow the steps in Create a service account for Commander to access GCP, Enable the required APIs, and Grant permissions to the Commander service account
- In Commander, click the Infrastructure, Applications, or Storage tab.
- From the Inventory tree, select a cloud account.
- Select Actions > Edit Cloud Account.
- In the Edit Cloud Account dialog, for Private Key (JSON) File, browse to the location of the new private key for the Commander service account.
Commander validates the file to ensure that it's a private key file in JSON format. If the file is valid, Commander displays the Client ID and the Client Email for this service account.
- Click OK.