Set up a cloud account and service account for Google Cloud Platform

A service account is a secure record on your instance that stores the credential and access information for your provider account. Discovery uses the information to access your provider account to get data on each resource in each specified datacenter. A cloud account is the logical representation in Cloud Provisioning and Governance of all or part of your managed cloud infrastructure. A cloud account can include multiple service accounts — even service accounts from different providers. For each service account, you specify which datacenters to include in the cloud account.

Before you begin

Role required: none

  • Download and activate the Google Cloud Connector or Cloud Provisioning and Governance: Terraform Connector from the ServiceNow® Store.
  • Operations in the Google Cloud Console require the Google administrator role.
  • Operations in Cloud Provisioning and Governance require the sn_cmp.cloud_admin role.

About this task

When you finish the Day-1 setup process, your cloud account might look like this:
Figure 1. Structure of a cloud account on Day 1

Procedure

  1. On the Cloud Admin Portal, navigate to Manage > Cloud Accounts.
  2. Select or create the cloud account:
    • Select an existing cloud account:
      1. On the Cloud Account page, click Configure.
      2. On the General Information page, click Next and then continue with the next step.
    • Create a cloud account:
      1. On the General Information page, click New and then enter a unique and meaningful Name and Description for the cloud account.
      2. Select the provider.
      3. Click Next and then continue with the next step.
  3. On the Datacenters page, create a service account: Click the + next to the Service Account field, and then fill in the form for the service account.
  4. From the JSON key file that is associated with the service account, copy the project_id value and paste it into the Account ID field.
  5. In the Discovery credentials field, select the appropriate credentials for the service account.
    These are the credentials that you generated in the Specify the credentials that Google Cloud uses to access Google Cloud Platform data procedure.
  6. Leave the Datacenter URL field blank.
  7. Fill in the remaining fields:
    Field                        Description
    Datacenter type              Select Google Cloud Platform Datacenter.
    Datacenter discovery status  Select Google Cloud Platform Datacenter.
    Should pull events           Enables Cloud Provisioning and Governance to collect events from resource types in Google Project LDCs in the sn_cmp_cloud_event_list.
  8. Click Submit to create the service account.
  9. Click Discover Datacenters.
  10. When the datacenters appear, select one or more datacenters to include in the cloud account and then click Save.
    Note:
    • Select only those LDCs/regions where your infrastructure resources are present. If you don't have any resources under these new datacenters, exclude them when you run the full discovery.
    • To discover resources in regions/LDCs such as North America (US East, US West, and Canada Central), South America, Europe, Africa, Middle East, and Asia Pacific, raise an access request to the required endpoints with GCP Support.
    The Cloud Account dashboard appears. The datacenters that you selected appear on the Datacenters tab.
  11. Click a datacenter.
    The following lists appear:
  12. Repeat the process to add as many service accounts as needed.
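
For step 4, the project_id can be read from the JSON key file and sanity-checked without opening the private key in an editor. The following Python script is an added example, not part of the ServiceNow documentation; the function names and sample key contents are constructed, and the field names are those of a standard Google service account key file.

```python
import json
import os
import re
import stat
import tempfile

# Google project ID shape: 6-30 chars, lowercase letters/digits/hyphens, starts with a letter.
PROJECT_ID_RE = re.compile(r"^[a-z][a-z0-9-]{4,28}[a-z0-9]$")
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

def account_id_from_key(path):
    """Return (project_id, warnings); never returns or prints private_key."""
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    missing = [f for f in REQUIRED if not key.get(f)]
    if missing:
        raise ValueError("key file is missing fields: " + ", ".join(missing))
    if key["type"] != "service_account":
        raise ValueError("not a service account key (type=%r)" % key["type"])
    project_id = key["project_id"].strip()
    warnings = []
    if not PROJECT_ID_RE.match(project_id):
        warnings.append("project_id does not match the usual project ID format")
    # User-created service accounts look like NAME@PROJECT_ID.iam.gserviceaccount.com;
    # a different domain suggests a default account or a key from another project.
    domain = key["client_email"].rpartition("@")[2]
    if domain != project_id + ".iam.gserviceaccount.com":
        warnings.append("client_email domain does not match project_id")
    # The file holds a private key: flag it if group or others can access it.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        warnings.append("key file is accessible to group/other; chmod 600 it")
    return project_id, warnings

def write_sample(directory, name, **overrides):
    """Write a constructed key file (placeholder values, not a real key)."""
    sample = {"type": "service_account", "project_id": "example-proj-123",
              "private_key_id": "0000placeholder", "private_key": "PLACEHOLDER",
              "client_email": "discovery@example-proj-123.iam.gserviceaccount.com"}
    sample.update(overrides)
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(sample, fh)
    os.chmod(path, 0o600)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(account_id_from_key(write_sample(tmp, "good.json")))
```

The returned project_id is the value to paste into the Account ID field; any warnings are worth resolving before the key is stored as a Discovery credential.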

What to do next

After you complete all procedures in this initial "Day 1" setup, you can create additional cloud accounts and service accounts to organize and compartmentalize your cloud infrastructure.