GCP

Create Teleskope Service Account

Create a Teleskope service account in your GCP project.

Terraform

| Variable | Description | Example |
|---|---|---|
| project_id | (Required) Your GCP Project ID | "my-project-id" |

resource "google_service_account" "teleskope" {
  account_id   = "teleskope"
  display_name = "Teleskope Read Only User"
  project      = "{project_id}"
}

Grant Resource Manager Read Access to Teleskope Service Account

Grant the following resource manager permissions to the Teleskope service account you created above:

  • resourcemanager.projects.list

  • resourcemanager.projects.get

  • resourcemanager.folders.get

  • resourcemanager.folders.list

  • resourcemanager.organizations.get

  • compute.regions.list

If you are enabling Cloud Storage, add the following permissions as well:

  • storage.buckets.list

  • storage.buckets.getIamPolicy

Terraform

| Variable | Description | Example |
|---|---|---|
| org_id | (Required) Your GCP Org ID | "130342390179" |

resource "google_organization_iam_custom_role" "teleskope" {
  # Custom role IDs may contain only letters, digits, underscores and periods.
  role_id     = "teleskope_resource_manager_ro"
  org_id      = "{org_id}"
  title       = "Teleskope"
  description = "teleskope resource manager read only role"
  permissions = [
    "resourcemanager.projects.list",
    "resourcemanager.projects.get",
    "resourcemanager.folders.get",
    "resourcemanager.folders.list",
    "resourcemanager.organizations.get",
    "compute.regions.list",
    # Needed only when Cloud Storage is enabled.
    "storage.buckets.list",
    "storage.buckets.getIamPolicy",
  ]
}

resource "google_organization_iam_member" "teleskope-resource-manager-ro-role" {
  org_id = "{org_id}"
  role   = google_organization_iam_custom_role.teleskope.name
  member = "serviceAccount:${google_service_account.teleskope.email}"
}

Configure Workload Identity Federation (SaaS Only)

Teleskope SaaS runs in an isolated AWS account. To let Teleskope connect to GCP, you need to configure workload identity federation.

Create Workload Identity Federation Pool

  • Name: teleskope-pool

  • Pool ID: teleskope-pool

  • Provider:

    • Select Provider: AWS

    • Provider Name: teleskope-provider

    • AWS Account: {origin_aws_account_id}

Grant Access to Teleskope Service Account

Once the pool is created, click Grant Access and select the Teleskope service account you created above.

Terraform

| Variable | Description | Example |
|---|---|---|
| origin_aws_account_id | (Required) AWS Account ID where Teleskope is deployed. | "012345678912" |
| project_id | (Required) Your GCP Project ID | "my-project-id" |

resource "google_iam_workload_identity_pool" "teleskope-pool" {
  provider                  = google-beta
  project                   = "{project_id}"
  display_name              = "Teleskope AWS Pool"
  workload_identity_pool_id = "teleskope-pool"
}

resource "google_iam_workload_identity_pool_provider" "teleskope-prov" {
  provider                           = google-beta
  project                            = "{project_id}"
  workload_identity_pool_id          = google_iam_workload_identity_pool.teleskope-pool.workload_identity_pool_id
  workload_identity_pool_provider_id = "teleskope-provider"
  display_name                       = "Teleskope AWS Provider"
  description                        = "AWS identity pool provider for teleskope"
  disabled                           = false
  aws {
    account_id = "{origin_aws_account_id}"
  }
  depends_on = [google_iam_workload_identity_pool.teleskope-pool]
}

# roles/iam.workloadIdentityUser is granted on the service account itself, so the
# binding is a google_service_account_iam_member (it takes service_account_id,
# not project).
resource "google_service_account_iam_member" "teleskope-member" {
  service_account_id = google_service_account.teleskope.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.teleskope-pool.name}/*"
}
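
The binding above ends in `/*`, so every identity the pool accepts from the federated AWS account can impersonate the service account. As an added example (not Teleskope's own configuration), this variant of the provider and binding admits only sessions of a single AWS IAM role; `{teleskope_aws_role_name}` is an assumed placeholder for a role name the page does not give, and the binding relies on the provider's default AWS attribute mapping for `attribute.aws_role`.

```hcl
# Added example: use in place of the provider and binding above.
# {teleskope_aws_role_name} is a hypothetical placeholder, not a value from this page.
resource "google_iam_workload_identity_pool_provider" "teleskope-prov" {
  provider                           = google-beta
  project                            = "{project_id}"
  workload_identity_pool_id          = google_iam_workload_identity_pool.teleskope-pool.workload_identity_pool_id
  workload_identity_pool_provider_id = "teleskope-provider"
  display_name                       = "Teleskope AWS Provider"
  description                        = "AWS identity pool provider for teleskope"
  disabled                           = false

  # Reject token exchange for any AWS principal that is not a session of the
  # expected role, even though it belongs to the allowed account.
  attribute_condition = "assertion.arn.startsWith('arn:aws:sts::{origin_aws_account_id}:assumed-role/{teleskope_aws_role_name}/')"

  aws {
    account_id = "{origin_aws_account_id}"
  }
}

resource "google_service_account_iam_member" "teleskope-member" {
  service_account_id = google_service_account.teleskope.name
  role               = "roles/iam.workloadIdentityUser"

  # Bind to one mapped AWS role instead of every identity in the pool.
  # attribute.aws_role comes from the default AWS mapping, which applies only
  # when no custom attribute_mapping is set on the provider.
  member = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.teleskope-pool.name}/attribute.aws_role/arn:aws:sts::{origin_aws_account_id}:assumed-role/{teleskope_aws_role_name}"
}
```

The condition and the binding are independent checks: the first stops other principals from obtaining a federated token at all, the second limits which federated identities may impersonate the service account.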

Console path for creating the pool: go to https://console.cloud.google.com/ > Workload Identity Federation > Create Pool