Connect a GCP account

microtica enables seamless infrastructure provisioning directly within your google cloud platform (gcp) account to facilitate this, it is essential to link your google cloud account to microtica and provide it with the necessary access permissions this connection allows microtica to efficiently manage cloud resources on your behalf the authentication process involves microtica impersonating a service account that you create specifically for this purpose 1\ create a service account go to service accounts in the gcp console and choose enter service account name click on create and continue skip steps 2 and 3 click on done 2\ grant impersonation access to microtica’s service account go to service accounts in the gcp console click on the service account you created in step 1 choose permissions choose grant access add microtica cross account\@marine compass 268014 iam gserviceaccount com in the principle field and choose service account token creator role click save i usually takes 3 5 minutes for these changes to be propagated when connecting your google cloud in microtica (step 4) it may show an error if the changes are still not propagated 3\ grant permissions go to iam in the gcp console click on grant access in new principals , add the service account you created in step 1 choose the roles you wish to grant to microtica for a standard kubernetes setup you should assign the following roles compute network admin kubernetes engine admin project iam admin secret manager admin service account admin service account key admin service account user artifact registry administrator artifact registry repository administrator choose save remember to follow the principle of least privilege by only granting the necessary roles for the tasks the principal needs to perform this approach minimizes security risks by limiting access to what is strictly necessary for the job 4\ connect your gcp account in microtica open microtica console from the side menu, click on integrations > cloud accounts > connect gcp account enter the following name user friendly account name as shown in microtica console gcp service account emal the service account (email) you created in step 1 5\ enable gcp apis https //console cloud google com/apis/library/cloudresourcemanager googleapis com https //console cloud google com/apis/library/cloudresourcemanager googleapis com https //console cloud google com/apis/api/artifactregistry googleapis com https //console cloud google com/apis/api/artifactregistry googleapis com if you enabled this api recently, wait a few minutes for the action to propagate to our systems and retry