Begin by enabling the following APIs:
- Google Identity and Access Management (IAM) API
- Cloud Resource Manager API
1. Open GCP Console and select a project.
2. Go to APIs & Services > Dashboard.
3. Click on "ENABLE APIS AND SERVICES" in the top action toolbar.
4. Search for "Google Identity and Access Management (IAM) API".
5. Click on the "Google Identity and Access Management (IAM) API" card and then "ENABLE".
6. Go back and search for "Cloud Resource Manager API".
7. Click on the "Cloud Resource Manager API" card and then "ENABLE".
Create service account
1. While on the previously selected project, go to IAM & admin > Service accounts.
2. Click on "CREATE SERVICE ACCOUNT" in the top action toolbar.
3. Name your service account, check "Furnish a new private key" and click CREATE.
4. Copy the service account ID.
5. The service account key will be saved to your disk; we will use it later.
Create organizational role
1. Go to GCP Roles Management.
2. The roles page for your organization should open. You can verify that by the title: 'Roles for "domain.com" organization'.
3. Click on "CREATE ROLE" in the top action toolbar.
- If you cannot create a role, make sure you have "Organization Role Admin" permissions and then try again.
4. Give a title for the new role: "reOptimize Role"
5. You can leave the default description, or describe the role as you see fit.
6. Give an ID for the new role. For the sake of simplicity, please enter "reoptimize" (CASE-SENSITIVE).
7. Select "General Availability" in the Role launch stage.
8. Click on "ADD PERMISSIONS" and add the following permissions:
See the permissions article to understand how and why each permission is needed and used by reOptimize.
9. Make sure all of the above permissions are checked and click "ADD".
10. Click "CREATE" to complete the role creation.
11. Find the new role that we have just created in the list and click on it. At the top of the role description, copy the full role ID in the form of "organizations/ORG_ID/roles/reoptimize".
Assigning the organizational role to the service account:
1. While still in your organization console, go to IAM & admin > IAM.
2. Verify that you are on the organization IAM page by reading the title 'Permissions for organization "domain.com"'.
3. Click on "ADD" in the top action toolbar.
4. Paste the service account ID that we have created in the first step.
5. Select "reOptimize Role" that we have created in the previous step.
6. Click "SAVE".
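One way to confirm the binding made above, as an added example that is not part of reOptimize's own documentation: the script audits an organization IAM policy exported with `gcloud organizations get-iam-policy ORG_ID --format=json` and reports whether the service account holds the custom role, and nothing else, at organization level. The policy, service account email and organization ID are constructed sample values, and the numeric ORG_ID pattern is an assumption.

```python
import json
import re

# Role ID form given in this guide; the "reoptimize" part is case-sensitive.
# Assumption: ORG_ID is the numeric organization ID.
ROLE_ID_RE = re.compile(r"^organizations/\d+/roles/reoptimize$")

# Constructed sample of `gcloud organizations get-iam-policy ORG_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "organizations/123456789012/roles/reoptimize",
     "members": ["serviceAccount:reopt@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/owner",
     "members": ["user:admin@domain.com",
                 "serviceAccount:reopt@example-project.iam.gserviceaccount.com"]}
  ],
  "etag": "BwXXXXXXXXX="
}
""")


def audit_binding(policy, sa_email, role_id):
    """Return a list of findings; an empty list means the binding is as intended."""
    findings = []
    if not ROLE_ID_RE.match(role_id):
        findings.append(f"role ID {role_id!r} is not organizations/ORG_ID/roles/reoptimize")
    member = f"serviceAccount:{sa_email}"
    # Every organization-level role that lists this service account as a member.
    granted = sorted(b["role"] for b in policy.get("bindings", [])
                     if member in b.get("members", []))
    if role_id not in granted:
        findings.append(f"{member} is not bound to {role_id}")
    for role in granted:
        if role != role_id:
            findings.append(f"{member} also holds {role} at organization level")
    return findings


if __name__ == "__main__":
    for line in audit_binding(SAMPLE_POLICY,
                              "reopt@example-project.iam.gserviceaccount.com",
                              "organizations/123456789012/roles/reoptimize"):
        print("FINDING:", line)
```

On the constructed sample it reports the extra `roles/owner` grant; an empty result means the service account has only the custom role.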
1. Log in to reOptimize.
2. On the top right, click on your name and select "Company Settings".
3. Select the "Enrichments" tab.
4. Click on "Upload Key" and select the .json file we have downloaded in the first step.
5. Paste the full role ID you copied in the previous step.
6. Click "SAVE".