Integrating Google Cloud using a service account key

Go to your Google Cloud service account, and select CREATE SERVICE ACCOUNT.
Add the Service account details, and select CREATE AND CONTINUE.
Add the following roles:
- viewer
- iam.securityReviewer
- storage.objectViewer conditional to tfstate suffix
Select SAVE > DONE.
Select the kebab menu.
Select Manage keys > ADD KEY > Create new key.
Select JSON > CREATE. Selecting CREATE downloads a service account key file.
In Firefly, select Settings > Integrations.
Select Add New > Google Cloud > Service Account Key.
Enter a descriptive name in the Nickname field.
Paste or upload the account key file into the Service Account Key box.
Select Next.

Go to your Google Cloud service account.
Add the following roles to the account you want to integrate:
1. viewer
2. iam.securityReviewer
3. storage.objectViewer conditional to tfstate suffix
Select the kebab menu.
Select Manage keys > ADD KEY > Create new key.
Select JSON > CREATE. Selecting CREATE downloads a service account key file.
In Firefly, select Settings > Integrations.
Select Add New > Google Cloud > Service Account Key.
Enter a descriptive name in the Nickname field.
Paste or upload the account key file into the Service Account Key box.
Select Next.

Use the same service account key to simultaneously integrate multiple GCP projects.

Log in to the Google Cloud console.
For your primary project, select IAM & Admin > Service Accounts. Copy the principal (associated email address).
Select each subordinate project for which you want to combine with the primary account.
Select GRANT ACCESS.
In the New principals field, enter the email address of the primary project.
In the Role field, select the role as a Viewer and SAVE.

Last updated 9 months ago