GCP
Create Teleskope Service Account
Create a Teleskope service account in your GCP project.
Terraform
project_id
(Required) Your GCP Project ID
"my-project-id"
Grant Resource Manager Read Access to Teleskope Service Account
Grant the following resource manager permissions to the Teleskope service account you created above:
resourcemanager.projects.list
resourcemanager.projects.get
resourcemanager.folders.get
resourcemanager.folders.list
resourcemanager.organizations.get
compute.regions.list
If you are enabling CloudStorage, please add the following permissions as well:
storage.buckets.list
storage.buckets.getIamPolicy
Terraform
org_id
(Required) Your GCP Org ID
"130342390179"
Configure Workload Identity Federation (Saas Only)
Teleskope Saas is run in an isolated AWS account. In order to grant Teleskope the ability to connect to GCP, you will need to configure workload identity federation.
Create Workload Identity Federation Pool
Go to https://console.cloud.google.com/ > Workload Identity Federation > Create Pool
Name: teleskope-pool
Pool id : teleskope-pool
Provider:
Select Provider: AWS
Provider Name: teleskope-provider
AWS Account: {origin_aws_account_id}
Grant Access to Teleskope Service Account
Once pool is created, click Grant Access, and select the Teleskope service account you created above.
Terraform
origin_aws_account_id
(Required) AWS Account ID where Teleskope is deployed.
"012345678912"
project_id
(Required) Your GCP Project ID
"my-project-id"