Service Account Setup

A service account and a key are created for each GCP project to be onboarded.

Disabling Restriction on the Service Account Key

1. Login to the GCP Console and select the desired project.

2. Open the navigation pane at the top left of the home page ( ), and select IAM & Admin -> Organization Policies.

3. Filter and search for iam.disableServiceAccountKeyCreation.

4. Click the options menu ( ) and select Edit policy.

5. Add a Rule (Rule 1 in the graphic below) to turn off enablement.

Creating a Service Account

1. In the left navigation pane, click IAM & Admin -> Service Accounts. The Service Accounts page for your project displays.

2. Click Create Service Account. The Create service account wizard opens.

3. Complete Service Account Details.

4. In the Grant this service account access to project step, assign the Owner role as shown below, giving the account owner permission to the project. Complete the wizard, and click Done.

1. Select the Service Account you created and add a new JSON Key.

2. Download the JSON file and give it a meaningful name, such as my-gcp-project-sa-key.json.

3. Open a Terminal window and navigate to the location of the downloaded JSON file.

4. Run the following command. This copies the key contents on your clipboard. You can verify the contents by pasting it into a text editor.

jq -r .private_key < my-gcp-project-sa-key.json| pbcopy

Adding the Service Account Private Key to the DuploCloud Portal

To add the private key to DuploCloud:

1. Login to the DuploCloud and navigate to Administrator -> Cloud Credentials. The Cloud Credentials page displays.

2. Paste the key in the Service Account Private Key field.

3. Enter a Display name for easy reference. Ideally, this name should include the project name.

4. Enter the Project ID and Service Account Email from the JSON key file you downloaded.

5. Click Submit.