GCP Resource Manager - User Guide

In this article, you will understand step by step how to easily integrate Scytale with GCP Resource Manager


For this integration the steps are the same as the General GCP integrations steps. However, we need to gather information about organizations and their associated projects for Resource Manager, requiring additional permissions to be assigned. This is outlined in an extra step (Step 3).

Step 1: Verify Google APIs are enabled 

Step 2: Create service account within GCP Console

  • Go to IAM & Admin
  • Select Service Accounts
  • Click on "Create service account"

  • Fill in the details:
    • Phase 1 - Service account details

      • Service account name - GCP-integrations
      • Service account ID - after writing the service account name, this field is automatically filled in. Click "Create and continue"

    • Phase 2 - Grant service account access to the following roles:
      • Cloud SQL Viewer
      • Storage Object Viewer
      • Storage Insights Viewer
      • Compute Viewer
      • Security Reviewer
    • Phase 3 - Grant users access to this service account (optional) - No need to fill
  • Click on "Done"

Step 3: Assign service account Organization permissions (An extra step only for GCP Resource Manager)

  • Go to IAM & Admin
  • Choose IAM (ensure you select the organization option, not a project).

  • Click Grant Access
  • Fill in the details:
    • New principals - service account email
    • Select a role - Access Transparency Admin
      The following permissions will be used:
      • axt.labels.get
      • axt.labels.set
      • resourcemanager.organizations.get
      • resourcemanager.projects.get
      • resourcemanager.projects.list

  • Click Save

Step 4: Generate JSON file

  • Go to IAM & Admin
  • Select Service Accounts. You can see the list of all the service accounts that you have
  • Select the service account that you created in the previous step - GCP-integrations
  • Go to the "Keys" tab

  • Click on "Add Key" and select the "Create new key" option
  • In "Key type", select JSON and "Create"
  • Keep the download JSON for Scytale connection

Step 5: Log in to the Scytale web app

  • Click on the "Integrations" menu screen to the left
  • Click on "Connect" to GCP Resource Manager
  • Click on "Upload JSON File" and attach the JSON you have generated in GCP console. 
    • Once you upload the file, the necessary fields will be automatically populated from the JSON for you 🎉
  • Connection Name - is used to differentiate between your connections.
  • Click on Connect

GCP Resource manager

Congrats, you are done! 🎉