Service Account Setup

Creating a Service Account for DuploCloud GCP and adding a private key

A service account and a key are created for each GCP project to be onboarded.

Disable Restriction on the Service Account Key

Login to the GCP Console and select the desired project from the GCP Project list box.
In the left navigation pane, in IAM and admin, select Organization Policies.
Filter and search for iam.disableServiceAccountKeyCreation.
Click the options menu ( ) and select Edit policy.
Add a Rule (Rule 1 in the graphic below) to turn off enablement.

In the left navigation pane, click IAM and Admin -> Service Accounts.
In the Grant this service account access to project step, assign the Owner role as shown below, giving the account owner permission to the project.

Select the Service Account and create a new Key of type JSON.
Download the JSON file and give it a meaningful name, such as my-gcp-project-sa-key.json.
Open a Terminal window and navigate to the location of the downloaded file.
Run the following command. This copies the Key contents to your clipboard. You can verify the contents by pasting it into a text editor.

jq -r .private_key < my-gcp-project-sa-key.json| pbcopy

To add the private key to DuploCloud:

Login to the DuploCloud and navigate to Administrator -> Cloud Credentials. The Cloud Credentials page displays.
Paste the key in the Service Account Private Key field.
Enter a Display name for easy reference, preferably including the project name.
Enter the Project ID and Service Account Email from the JSON key file you downloaded.
Click Submit.

Last updated 12 days ago