Service account for the provisioning credential

The provisioning credential for Google Cloud relies on a service account that can be assumed by CDP.

The following flow describes how the Google Cloud provisioning credential works:

  1. Your GCP account administrator creates a service account and assigns the minimum permissions allowing CDP to create and manage resources in your Google Cloud account. Next, the administrator generates a service account access key pair for the service account.
  2. The service account is registered as a credential in CDP and its access key is uploaded to CDP.
  3. The credential is then used for registering your Google Cloud environment in CDP.
  4. Once this is done, CDP uses the credential for provisioning environment-related resources, workload clusters, and resources for other CDP services that you run in CDP.

Review the following to learn about the permissions required for the credential and how to create the service account: