Skip to main content
Version: 2.4.1

Configure Google Cloud Platform Access

The Google Cloud Platform (GCP) collector is configured within the Resoto Worker configuration via the config command in Resoto Shell:

> config edit resoto.worker

Add gcp to the list of collectors by modifying the configuration as follows:

Resoto Worker configuration
resotoworker:
...
# List of collectors to run
collector:
- 'gcp'
...
...

Authentication

You can authenticate with Google Cloud Platform via service account JSON files or automatic discovery.

Service Account JSON Files

  1. Make your service account JSON file(s) available to Resoto at /home/resoto/.gcp:

    • Add volume definition(s) for each service account JSON file to the resotoworker service in docker-compose.yaml:

      docker-compose.yaml
      services:
      ...
      resotoworker:
      image: somecr.io/someengineering/resotoworker:2.4.1
      ...
      volumes:
      - <PATH TO SERVICE ACCOUNT JSON>:/home/resoto/.gcp/service-account-1.json
      - <PATH TO ANOTHER SERVICE ACCOUNT JSON>:/home/resoto/.gcp/service-account-2.json
      ...
      ...
    • Recreate the resotoworker container with the updated service definition:

      $ docker compose up -d
  2. Open the Resoto Worker configuration via the config command in Resoto Shell:

    > config edit resoto.worker
  3. Modify the gcp section of the configuration as follows, adding the paths to your service account JSON file:

    Resoto Worker configuration
    resotoworker:
    ...
    ...
    gcp:
    ...
    # GCP service account file(s)
    service_account:
    - /home/resoto/.gcp/service-account-1.json
    - /home/resoto/.gcp/service-account-2.json
    ...

Automatic Discovery

You can specify an empty string for the service account file, and Resoto will automatically discover the service account and all the projects it has access to.

  1. Open the Resoto Worker configuration via the config command in Resoto Shell:

    > config edit resoto.worker
  2. Modify the gcp section of the configuration as follows:

    Resoto Worker configuration
    resotoworker:
    ...
    ...
    gcp:
    ...
    # GCP service account file(s)
    service_account:
    - ''
    ...

Resource Collection

By default, Resoto performs resource collection each hour. To immediately trigger a collect run, use the workflow run command in Resoto Shell:

> workflow run collect

Once the collect run completes, you can view a summary of collected GCP resources using the following search:

> search is(gcp_resource) | count kind