Set up a cloud account and service account for Google Cloud Platform
Release version: Xanadu
Updated August 1, 2024
A service account is a secure record on your instance that stores the credential and access information for your provider account. Discovery uses the information to access your provider account to get data on each resource in each specified datacenter.

A cloud account is the logical representation in Cloud Provisioning and Governance of all or part of your managed cloud infrastructure. A cloud account can include multiple service accounts, even service accounts from different providers. For each service account, you specify which datacenters to include in the cloud account.
Before you begin
Role required: none
Download and activate the Google Cloud Connector from the ServiceNow® Store.
Operations in the Google Cloud Console require the Google administrator role.
Operations in Cloud Provisioning and Governance require the sn_cmp.cloud_admin role.
About this task
When you finish the Day-1 setup process, your cloud account might look like this:
Figure 1. Structure of a cloud account on Day 1
Procedure
On the Cloud Admin Portal, navigate to Manage > Cloud Accounts.
Select or create the cloud account:
Select an existing cloud account:
On the Cloud Account page, click Configure.
On the General Information page, click Next and then continue with the next step.
Create a cloud account:
On the General Information page, click New and then enter a unique and meaningful Name and Description for the cloud account.
Select the provider.
Click Next and then continue with the next step.
On the Datacenters page, create a service account: Click the + next to the Service Account field, and then fill in the form for the service account.
From the JSON key file that is associated with the service account, copy/paste the project_id value into the Account ID field.
In the Discovery credentials field, select the appropriate credentials for the service account.
These are the credentials that you generated in the procedure "Specify the credentials that Cloud Provisioning and Governance: Google Cloud Connector uses to access Google Cloud Platform data".
Leave the Datacenter URL field blank.
Fill in the remaining fields:
Field: Description
Datacenter type: Select Google Cloud Platform Datacenter.
Datacenter discovery status: Select Google Cloud Platform Datacenter.
Should pull events: Enables Cloud Provisioning and Governance to collect events from resource types in Google Project LDCs in the sn_cmp_cloud_event_list.
Click Submit to create the service account.
Click Discover Datacenters.
When the datacenters appear, select one or more datacenters to include in the cloud account and then click Save.
Note:
Select only those LDCs/Regions where your infrastructure resources are present. If you don't have any resources under these new data centers, exclude them while you run the full discovery.
To discover resources in regions/LDCs such as North America (US East, US West, and Canada Central), South America, Europe, Africa, Middle East, and Asia Pacific, raise an access request to the required endpoints with GCP Support.
The Cloud Account dashboard appears. The datacenters that you selected appear on the Datacenters tab.
Click a datacenter.
The following lists appear:
Resources: Cloud resources for the current datacenter. Run Discovery to populate the CMDB for the datacenter and populate the tab. See Discover all datacenters in a service account on-demand.
Capacity Limits: Limits on virtual CPUs, virtual networks, storage volume size, and other services. See Set capacity limits on user requests for resources.
Discovery Log: The process creates a log record for each action associated with a discovery status.
Repeat the process to add as many service accounts as needed.
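
For the step that copies the project_id value from the JSON key file into the Account ID field, the following added example (not ServiceNow or Google code) checks that a file is a complete service account key with owner-only permissions and returns only the non-secret values, so the private key never has to be opened in an editor. The function names, the warning text, and the sample key values are assumptions constructed for illustration.

```python
import json
import os
import tempfile

REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

# Constructed sample key file content; every value is a placeholder.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project-123",
    "private_key_id": "0000000000000000",
    "private_key": "CONSTRUCTED-PLACEHOLDER-NOT-A-KEY",
    "client_email": "discovery-sa@example-project-123.iam.gserviceaccount.com",
}

def inspect_key_file(path):
    """Validate a key file; return non-secret fields and warnings, never the key."""
    warnings = []
    # The file holds a private key, so only its owner should have access.
    if os.stat(path).st_mode & 0o077:
        warnings.append("key file is accessible to group/other; use mode 600")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    if not isinstance(key, dict):
        raise ValueError("key file is not a JSON object")
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        raise ValueError("incomplete key file, missing: " + ", ".join(missing))
    if key["type"] != "service_account":
        raise ValueError("not a service account key: type=%r" % key["type"])
    return {
        "account_id": key["project_id"],  # value for the Account ID field
        "client_email": key["client_email"],
        "warnings": warnings,
    }

def demo(key=SAMPLE_KEY, mode=0o600):
    """Write a key dict to a temporary file with the given mode and inspect it."""
    fd, path = tempfile.mkstemp(suffix=".json")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(key, fh)
        os.chmod(path, mode)
        return inspect_key_file(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```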
What to do next
After you complete all procedures in this initial "Day 1" setup, you can create additional cloud accounts and service accounts to organize and compartmentalize your cloud infrastructure.