Connecting to GCP

Step-by-step guide to connect a Google Cloud Project to a Bluebricks collection using workload identity federation

Prerequisites

A valid Google Cloud Project ID.
A Bluebricks collection.

Bluebricks uses workload identity federation to connect to GCP: no static service account keys are required. Bluebricks creates a dedicated service account per project and authenticates through Google's identity federation.

Step 1: Connect GCP in Bluebricks

Using the app

Click "Connect Cloud" on the collection you want to link to GCP
Select GCP as the Cloud Provider
Choose an existing Project ID or click "New Project"
If creating a New Project, enter the Google Cloud Project ID
Click "Connect & Create" to complete the setup

Using the API

Use the Cloud Accounts API to create a cloud account. Pass the Google Cloud Project ID as accountId.

Step 2: Grant Service Account Permissions

Bluebricks recommends using a unique Service Account email for each project to enhance security and enforce granular access control.

Bluebricks also recommends assigning the Editor role to the Service Account for the project to ensure it has the required permissions to manage resources effectively.

App only: Choose Edit on the collection options
Copy Bluebricks Service Account (It is in the API output if the API was used to connect GCP)
Navigate to https://console.cloud.google.com/
Click the "Search (/) for resources, docs, products and more" field, type "IAM" and click it
Click "Grant access"
Click the "New principals" field
Paste or type the Service Account Email created by Bluebricks
Under "Assign roles", choose "Select a role"
Click "Editor"
Click "Save"