GCP Setup

GCP currently supports two connection methods in the app:
  • Keyless impersonation
  • Service account key upload
Use impersonation unless you have a hard reason not to. The product’s impersonation flow uses this platform service account:

cloudgeni-platform-sa@cloudgeni-production.iam.gserviceaccount.com

Minimal setup:

# Project to connect, and the service account CloudGeni will impersonate in it
export PROJECT_ID="your-project-id"
export CLOUDGENI_SA="cloudgeni-access@$PROJECT_ID.iam.gserviceaccount.com"

# Create the service account inside your project
gcloud iam service-accounts create cloudgeni-access \
  --display-name="CloudGeni Access" \
  --project="$PROJECT_ID"

# Grant it read-only access to the project
gcloud projects add-iam-policy-binding "$PROJECT_ID" \
  --member="serviceAccount:$CLOUDGENI_SA" \
  --role="roles/viewer"

# Grant it the Service Usage Consumer role on the project
gcloud projects add-iam-policy-binding "$PROJECT_ID" \
  --member="serviceAccount:$CLOUDGENI_SA" \
  --role="roles/serviceusage.serviceUsageConsumer"

# Let the CloudGeni platform service account create tokens for (impersonate) it
gcloud iam service-accounts add-iam-policy-binding "$CLOUDGENI_SA" \
  --member="serviceAccount:cloudgeni-platform-sa@cloudgeni-production.iam.gserviceaccount.com" \
  --role="roles/iam.serviceAccountTokenCreator" \
  --project="$PROJECT_ID"
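
To confirm the result matches the setup above, the following added example (not part of the product or its documentation) audits the JSON printed by `gcloud iam service-accounts get-iam-policy $CLOUDGENI_SA --format=json` and `gcloud projects get-iam-policy $PROJECT_ID --format=json`. The function names, the `demo-proj` project ID and the sample policies are constructed for illustration.

```python
import json

# Values taken from the setup commands on this page.
PLATFORM = ("serviceAccount:cloudgeni-platform-sa"
            "@cloudgeni-production.iam.gserviceaccount.com")
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"
EXPECTED_ROLES = {"roles/viewer", "roles/serviceusage.serviceUsageConsumer"}
# Roles that let a member act as a service account or mint its tokens.
IMPERSONATION_ROLES = {TOKEN_CREATOR, "roles/iam.serviceAccountUser"}

def audit_sa_policy(policy):
    """Audit `gcloud iam service-accounts get-iam-policy $CLOUDGENI_SA --format=json`."""
    findings, granted = [], False
    for b in policy.get("bindings", []):
        for m in b.get("members", []):
            if (b["role"], m) == (TOKEN_CREATOR, PLATFORM):
                granted = True
            else:  # the setup creates exactly one binding on this account
                findings.append(f"unexpected binding on SA: {m} -> {b['role']}")
    if not granted:
        findings.append("platform SA cannot impersonate: Token Creator binding missing")
    return findings

def audit_project_policy(policy, access_sa):
    """Audit `gcloud projects get-iam-policy $PROJECT_ID --format=json`."""
    member, findings, roles = f"serviceAccount:{access_sa}", [], set()
    for b in policy.get("bindings", []):
        members = b.get("members", [])
        if member in members:
            roles.add(b["role"])
        if b["role"] in IMPERSONATION_ROLES:  # inherited by every SA in the project
            findings += [f"project-wide {b['role']} held by {m}" for m in members]
    findings += [f"extra role on access SA: {r}" for r in sorted(roles - EXPECTED_ROLES)]
    findings += [f"missing role on access SA: {r}" for r in sorted(EXPECTED_ROLES - roles)]
    return findings

# Constructed sample policies (not real output); project id "demo-proj" is made up.
SA = "cloudgeni-access@demo-proj.iam.gserviceaccount.com"
SAMPLE_SA_POLICY = json.loads("""{"bindings": [
  {"role": "roles/iam.serviceAccountTokenCreator", "members": [
    "serviceAccount:cloudgeni-platform-sa@cloudgeni-production.iam.gserviceaccount.com",
    "user:dev@example.com"]}]}""")
SAMPLE_PROJECT_POLICY = json.loads("""{"bindings": [
  {"role": "roles/viewer", "members": ["serviceAccount:%s"]},
  {"role": "roles/editor", "members": ["serviceAccount:%s"]}]}""" % (SA, SA))

if __name__ == "__main__":
    for line in audit_sa_policy(SAMPLE_SA_POLICY) + audit_project_policy(SAMPLE_PROJECT_POLICY, SA):
        print(line)
```

An empty list from both functions means the bindings are exactly those the setup creates. Bindings inherited from a folder or organization do not appear in either policy and need a separate check.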

Fallback Path: Service Account Key

The app still supports a service account key upload flow, but it is a weaker long-lived credential model. Use it only if the impersonation pattern is not viable in your environment.

After Connect

Once the project is connected:

Next

Connect Cloud

Return to the shared cloud setup page.

Cloud Resource Import

Start turning discovered resources into repository changes.