Connect your Google Cloud account

Microtica provisions infrastructure on your own Google Cloud Platform (GCP) account. In order to enable Microtica to manage cloud resources, you need to connect your Google Cloud account and grant the proper access permissions.

Microtica authenticates to your Google Cloud account by impersonating a service account that you create and grant permissions to.

#1. Create a service account

  • Go to Service Accounts in the GCP Console and choose Create service account
  • Enter a service account name
  • Choose Create and continue
  • Skip steps 2 and 3
  • Choose Done

#2. Grant impersonation access to Microtica’s service account

  • Go to Service Accounts in the GCP Console
  • Click on the service account you created in Step 1
  • Choose Permissions
  • Choose Grant access
  • Add microtica-cross-account@marine-compass-268014.iam.gserviceaccount.com in the principal field and choose the Service Account Token Creator role
  • Choose Save

It usually takes 3-5 minutes for these changes to propagate. If you connect your Google Cloud account in Microtica (Step 4) before the changes have propagated, it may show an error.

#3. Grant permissions

  • Go to IAM in the GCP Console
  • Add the service account you created in Step 1
  • Choose the roles you wish to grant to Microtica. For example, if you want to create a GCP storage service with Microtica, you need to add the Storage Admin role. Similarly, if you plan to provision a Kubernetes cluster, you need to add the Kubernetes Engine Admin role
  • Choose Save

#4. Connect your Google Cloud account in Microtica

  • Open Microtica Portal
  • Choose Settings -> Cloud Accounts -> Connect Cloud Account
  • For account type choose Google Cloud Platform
  • Enter the following:
    • Google Cloud Platform Project ID – the ID of your Google Cloud Platform project
    • Service Account – the service account (email) you created in Step 1
    • Project Name – only used as a friendly identifier
  • Choose Connect Google Cloud Platform Account
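
To check the GCP side of Steps 1 to 3, the following added example (not Microtica's own tooling) audits the JSON printed by `gcloud iam service-accounts get-iam-policy` and `gcloud projects get-iam-policy` with `--format=json`. The sample policies, the `microtica-deployer` account and `example-project` are constructed placeholders, and flagging the basic roles Owner and Editor is an added least-privilege assumption, not a Microtica requirement.

```python
import json

# Microtica's principal, as given in Step 2 of this page.
MICROTICA = "serviceAccount:microtica-cross-account@marine-compass-268014.iam.gserviceaccount.com"
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"
BASIC_ROLES = {"roles/owner", "roles/editor"}  # assumption: treated as too broad here


def members_by_role(policy):
    """Map role -> set of members for an IAM policy dict (bindings may repeat a role)."""
    out = {}
    for b in policy.get("bindings", []):
        out.setdefault(b["role"], set()).update(b.get("members", []))
    return out


def audit(sa_email, sa_policy, project_policy):
    """Return a list of findings; an empty list means the setup matches Steps 1-3."""
    findings = []
    sa_member = f"serviceAccount:{sa_email}"
    creators = members_by_role(sa_policy).get(TOKEN_CREATOR, set())
    if MICROTICA not in creators:
        findings.append("MISSING: Microtica cannot impersonate the service account (Step 2)")
    for m in sorted(creators - {MICROTICA}):
        findings.append(f"EXTRA: {m} can also mint tokens for the service account")
    for role, members in sorted(members_by_role(project_policy).items()):
        if role == TOKEN_CREATOR and MICROTICA in members:
            findings.append("BROAD: Token Creator granted project-wide, covers every service account")
        if role in BASIC_ROLES and sa_member in members:
            findings.append(f"BROAD: service account holds basic role {role}")
    return findings


# Constructed sample policies (not real output); project and account names are placeholders.
SA_EMAIL = "microtica-deployer@example-project.iam.gserviceaccount.com"
SA_POLICY = json.loads("""{"bindings": [{"role": "roles/iam.serviceAccountTokenCreator",
  "members": ["serviceAccount:microtica-cross-account@marine-compass-268014.iam.gserviceaccount.com",
              "user:former-contractor@example.com"]}]}""")
PROJECT_POLICY = json.loads("""{"bindings": [
  {"role": "roles/storage.admin",
   "members": ["serviceAccount:microtica-deployer@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/editor",
   "members": ["serviceAccount:microtica-deployer@example-project.iam.gserviceaccount.com"]}]}""")

if __name__ == "__main__":
    for line in audit(SA_EMAIL, SA_POLICY, PROJECT_POLICY) or ["OK: matches Steps 1-3"]:
        print(line)
```

A `MISSING` finding shortly after Step 2 can also mean the grant has not propagated yet.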