Create and Associate Service Account Using Google Console

The crucial step is to create a service account at the project level, create a custom role and associate it to the service account. A role contains a set of permissions that allows API’s to perform specific actions on Google Cloud resources. The service account and custom role must be created under the project where Arcserve UDP agent is planned to be installed on the VSB Cloud proxy.

Follow these steps:

  1. On a web browser, login to Google cloud console as an administrator (the account which has admin privilege to create and manage users/projects/resources) using the following link:
  2. https://console.cloud.google.com/
  3. From the drop-down list at the top left of the page, select the project in which you want to set up the VSB cloud proxy.
  4. If you do not have a project already, click New Project to create a new project.
  5. Enter the values for project name, organization and location and click CREATE.
  6. After creating the project, select the project on the resource selection wizard menu mentioned in step 2.
  7. Verify that the desired project dashboard is shown after the project is selected.
  8. From the left navigation menu, select IAM and Admin followed by Roles.
  9. Click CREATE ROLE.
  10. The Create Role page is displayed.
  11. Enter a Name, Title, Description, and Role launch stage for the role.
  12. Note: The role name cannot be changed once it is created.

  13. Click Add Permissions.
  14. Select the 69 permissions listed below to include in the role and click Add Permissions.
  15. Use filters to list compute or storage related permissions required here. Filters can be added like compute.disks.* press enter key which will list all permissions under compute.disks. We can also add OR between filters like, compute.disks.* press enter key and input OR press enter key and start inputting another filter like compute.instances.* and press enter key. In this way all required permissions can be deleted and ADD key can be pressed.
  16. Click CREATE.
  17. From the left navigation menu, select IAM and Admin followed by Service Accounts.
  18. Click CREATE SERVICE ACCOUNT.
  19. Enter a Name, ID, and Description, then click CREATE AND CONTINUE.
  20. Under “Grant this service account access to project” select the role that you created in steps 5-7.
  21. Skip the next step and click DONE.
  22. The service account for the desired project is listed in the Service Accounts page.
  23. Now click the Email for the desired service account.
  24. The Service account details page is displayed.
  25. Select the KEYS tab.
  26. Click ADD KEY, followed by CREATE NEW KEY.
  27. Select JSON as the key type, then click CREATE.
  28. A JSON key file will be created and downloaded; use this JSON file in UDP (in Add cloud account wizard for GCP).