Skip to main content

Preparing Google

This page explains how to set up a Google account so it's ready for the PW platform to manage infrastructure, clusters, billing, storage, and usage data.

Persona

The steps included on this page should be completed by a cloud engineer in your organization.

Google Account

We recommend creating a new Google project for the PW platform, which will allow you to keep your existing Google project separate from the platform and make it easier to manage billing and usage data. This will also ensure the principle of least privilege, as the PW platform will only have access to the resources it needs to manage.

Ensure the following APIs are enabled for the project in the API & Services page:

  • Cloud Resource Manager API
  • IAM API
  • Compute Engine API
  • Filestore API

Setting Up Google Credentials

To get started quickly, you can create a new service account and add the Owner role. This will allow the PW platform to manage all resources in your project. If you want to limit the scope of the service account, you can create a custom role and assign it to the service account.

Creating a Service Account Key

The PW platform uses service account keys to authenticate with Google Cloud. You can create a new service account key by following the steps on the Google documentation.

Google Permissions

This section includes the permissions or roles you’ll need to assign to the Google service account you create for the PW platform. You can create a custom role with all the needed permissions in the IAM console.

pw-billing

These permissions are used to provision and access billing infrastructure. You can also assign the existing Google IAM roles BigQuery User and Service Usage Admin to your Google service account.

serviceusage.operations.get
serviceusage.services.disable
serviceusage.services.enable
serviceusage.services.get
serviceusage.services.list
monitoring.timeSeries.list
serviceusage.operations.cancel
serviceusage.operations.delete
serviceusage.operations.list
serviceusage.quotas.get
serviceusage.quotas.update
serviceusage.services.use
bigquery.datasets.create
bigquery.datasets.get
bigquery.jobs.create
bigquery.tables.list
resourcemanager.projects.get
bigquery.bireservations.get
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.config.get
bigquery.datasets.getIamPolicy
bigquery.jobs.list
bigquery.models.list
bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search
bigquery.reservations.get
bigquery.reservations.list
bigquery.routines.list
bigquery.savedqueries.get
bigquery.savedqueries.list
bigquery.transfers.get
bigquerymigration.translation.translate
resourcemanager.projects.list
Last updated on by Parallel Works