
Connect a GCP account

Connect your Google Cloud account to Microtica so it can provision and manage infrastructure for you by impersonating a service account you create.

Microtica provisions infrastructure directly on your Google Cloud Platform (GCP) account. Connect the account once and grant Microtica the access it needs to manage your cloud resources.

Microtica authenticates by impersonating a service account that you create for this purpose.

Prerequisites

  • A Microtica project — create one if you don't have it yet.
  • Permission to create service accounts and grant IAM roles in the GCP account you want to connect.

Create a service account

  1. Go to Service Accounts in the GCP Console and click Create service account.

  2. Enter a service account name.

  3. Click Create and continue.

    Creating a service account in the GCP Console
  4. Skip steps 2 and 3 of the Create service account form.

  5. Click Done.

Grant impersonation access to Microtica's service account

  1. Go to Service Accounts in the GCP Console.
  2. Click the service account you created above.
  3. Choose Permissions.
  4. Choose Grant access.
  5. Add microtica-cross-account@marine-compass-268014.iam.gserviceaccount.com in the principal field and choose the Service Account Token Creator role.
  6. Click Save.

Allow time to propagate

It usually takes 3-5 minutes for these changes to propagate. When you connect your Google Cloud account in Microtica (step below), it may show an error if the changes haven't propagated yet.

Grant permissions

  1. Go to IAM in the GCP Console.
  2. Click Grant access.
  3. In New principals, add the service account you created above.
  4. Choose the roles you want to grant to Microtica. For a standard Kubernetes setup, assign the following roles:
    • Compute Network Admin
    • Kubernetes Engine Admin
    • Project IAM Admin
    • Secret Manager Admin
    • Service Account Admin
    • Service Account Key Admin
    • Service Account User
    • Artifact Registry Administrator
    • Artifact Registry Repository Administrator
  5. Choose Save.

Least privilege

Follow the principle of least privilege: grant only the roles needed for the tasks the principal performs. This limits access to what is strictly necessary and reduces security risk.

Granting IAM roles to the service account in the GCP Console
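One way to check the result of the two grant steps against the least-privilege note, as an added example that is not part of Microtica's documentation or tooling: it reads the two IAM policies as JSON and reports who besides Microtica can mint tokens for the service account and which project roles the account holds beyond the nine listed above. The service account email, the user principals and both sample policies are constructed; the role IDs are the identifiers behind the role names on this page.

```python
import json

# Principal and role from the "Grant impersonation access" step on this page.
MICROTICA = ("serviceAccount:microtica-cross-account"
             "@marine-compass-268014.iam.gserviceaccount.com")
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"
# Role IDs for the nine role names listed for a standard Kubernetes setup.
STANDARD_ROLES = {
    "roles/compute.networkAdmin", "roles/container.admin",
    "roles/resourcemanager.projectIamAdmin", "roles/secretmanager.admin",
    "roles/iam.serviceAccountAdmin", "roles/iam.serviceAccountKeyAdmin",
    "roles/iam.serviceAccountUser", "roles/artifactregistry.admin",
    "roles/artifactregistry.repoAdmin",
}

def other_token_creators(sa_policy):
    """Principals besides Microtica that can mint tokens for the account."""
    return sorted(m for b in sa_policy.get("bindings", [])
                  if b["role"] == TOKEN_CREATOR
                  for m in b["members"] if m != MICROTICA)

def roles_outside_standard(project_policy, sa_email):
    """Project roles held by the service account beyond the page's list."""
    member = "serviceAccount:" + sa_email
    granted = {b["role"] for b in project_policy.get("bindings", [])
               if member in b["members"]}
    return sorted(granted - STANDARD_ROLES)

# Constructed sample input, shaped like the JSON printed by
#   gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json
#   gcloud projects get-iam-policy PROJECT_ID --format=json
SA_EMAIL = "deployer@example-project.iam.gserviceaccount.com"  # hypothetical
SA_POLICY = json.loads("""{"bindings": [
  {"role": "roles/iam.serviceAccountTokenCreator",
   "members": ["serviceAccount:microtica-cross-account@marine-compass-268014.iam.gserviceaccount.com",
               "user:alice@example.com"]}]}""")
PROJECT_POLICY = json.loads("""{"bindings": [
  {"role": "roles/container.admin",
   "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/owner",
   "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com",
               "user:bob@example.com"]}]}""")

if __name__ == "__main__":
    print("extra token creators:", other_token_creators(SA_POLICY))
    print("roles beyond the standard set:",
          roles_outside_standard(PROJECT_POLICY, SA_EMAIL))
```

The project policy covers only bindings made on the project itself; roles inherited from a folder or organization do not appear in it and need the same check at those levels.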

Connect your GCP account in Microtica

  1. Open the Microtica console.
  2. From the side menu, go to Integrations > Cloud Accounts > Connect GCP account.
  3. Enter the following:
    • Name — A user-friendly account name as shown in the Microtica console.
    • GCP Service Account Email — The service account email you created above.
Connect GCP account dialog in the Microtica console

Enable GCP APIs

Enable the following APIs in the GCP Console:

If you enabled an API recently, wait a few minutes for the change to propagate to our systems, then retry.
