ZCSPM
Configuring GCP Projects Onboarding Prerequisites using Scripts
You can configure onboarding prerequisites for your GCP projects on ZCSPM. Using the script becomes particularly useful when you have a large set of projects or want to onboard only a selected set of projects, either as a list or as a .csv file.
Prerequisite Roles and Permissions
Action | Required Roles and Permission | Billing Account |
Create Service Account & Key | Project Owner | |
Assign roles to Service Account | Project Owner | |
Enable APIs | Project Owner | All projects must be linked with the billing account |
To configure onboarding prerequisites for your GCP Projects onto ZCSPM:
- 1. Set your project and download the scripts
- Open the GCP cloud shell. To set the project, use the following command:
gcloud config set project <Project_ID>
- Check if you are authenticated to the GCP cloud by using the following command:
gcloud auth list
- Download the script by using the following command:
wget -O - https://raw.githubusercontent.com/Cloudneeti/docs_cloudneeti/master/scripts/gcp-onboarding/download-gcp-onboarding-scripts.sh | bash
- Update the script's permissions by using the following command:
chmod +x zcspm-gcp-onboarding/*.sh
- Change the directory by using the following command:
Closecd zcspm-gcp-onboarding
- 2. Create Service Account, assign role, and enable APIs on your GCP Project
To enable APIs on a single or multiple GCP projects, run the following command:
./configure-project-onboarding-prerequisites.sh -p <service_account_project_id> -s <service_account_name> -l “<project_id1>,<project_id2>,<project_id3>”
You can list up to 10 projects.
OR
To enable APIs on an allowed list of projects on a .csv file, run the following command:
./configure-project-onboarding-prerequisites.sh -p <service_account_project_id> -s <service_account_name> -c <file_name>.csv
You can create a .csv file of allowed list of projects by running the following command:
gcloud projects list --format="csv(projectId,name)" > <file_name>.csv
Copy the key file path and download the key. Store the downloaded key in a secure location.
cloudshell download <Key_File_Path>
The script also enables the required Cloud APIs on the project in which the service account is created.
Close