Skip to main content

Preparing Google

This page explains how to set up a Google account so that ACTIVATE can manage your Google infrastructure, clusters, billing, storage, and usage data.

Persona

The steps included on this page should be completed by a cloud engineer in your organization.

Google Account

We recommend creating a new Google project for the ACTIVATE platform, which will allow you to keep your existing Google project separate from the platform and make it easier to manage billing and usage data. This will also ensure the principle of least privilege, as ACTIVATE will only have access to the resources it needs to manage.

Ensure the following APIs are enabled for the project in the API & Services page:

  • Cloud Resource Manager API
  • IAM API
  • Compute Engine API
  • Filestore API

Setting Up Google Credentials

To get started quickly, you can create a new service account and add the Owner role. This will allow ACTIVATE to manage all resources in your project. If you want to limit the scope of the service account, you can create a custom role and assign it to the service account.

Creating a Service Account Key

ACTIVATE uses service account keys to authenticate with Google Cloud. You can create a new service account key by following the steps on the Google documentation.

Google Permissions

This section includes the permissions or roles you’ll need to assign to the Google service account you create for ACTIVATE. You can create a custom role with all the necessary permissions in the IAM console.

pw-billing

These permissions are used to provision and access billing infrastructure. You can also assign the existing Google IAM roles BigQuery User and Service Usage Admin to your Google service account.

serviceusage.operations.get
serviceusage.services.disable
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.list
monitoring.timeSeries.list
serviceusage.operations.cancel
serviceusage.operations.delete
serviceusage.operations.list
serviceusage.quotas.get
serviceusage.quotas.update
serviceusage.services.use
bigquery.datasets.create
bigquery.datasets.get
bigquery.jobs.create
bigquery.tables.list
resourcemanager.projects.get
bigquery.bireservations.get
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.config.get
bigquery.datasets.getIamPolicy
bigquery.jobs.list
bigquery.models.list
bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search
bigquery.reservations.get
bigquery.reservations.list
bigquery.routines.list
bigquery.savedqueries.get
bigquery.savedqueries.list
bigquery.transfers.get
bigquerymigration.translation.translate
resourcemanager.projects.list