# Connecting to GCP

## Prerequisites

1. A valid [Google Cloud Project ID](https://cloud.google.com/resource-manager/docs/creating-managing-projects).
2. A [Bluebricks collection](https://github.com/bluebricks-dev/Bluebricks-Documentation/blob/main/getting-started/create-an-environment.md).

{% hint style="info" %}
Bluebricks uses **workload identity federation** to connect to GCP: no static service account keys are required. Bluebricks creates a dedicated service account per project and authenticates through Google's identity federation.
{% endhint %}

## Step 1: Connect GCP in Bluebricks

### Using the app

1. Click **"Connect Cloud"** on the collection you want to link to **GCP**

   <figure><img src="/files/MEtqrNNpvNIs1eMFEdaw" alt=""><figcaption></figcaption></figure>
2. Select **GCP** as the **Cloud Provider**

   <figure><img src="/files/OWOZcRuHX8BXbQkWkwtn" alt=""><figcaption></figcaption></figure>
3. Choose an existing **Project ID** or click **"New Project"**
4. If creating a **New Project**, enter the **Google Cloud Project ID**

   <figure><img src="/files/jRpZSTdgFJscDk0KEIv5" alt=""><figcaption></figcaption></figure>
5. Click **"Connect & Create"** to complete the setup

### Using the API

Use the [Cloud Accounts API](https://bluebricks.co/docs/api/reference/cloud-accounts) to create a cloud account. Pass the Google Cloud Project ID as `accountId`.

## Step 2: Grant Service Account Permissions

{% hint style="warning" %}
Bluebricks **recommends** using a **unique Service Account email** for each project to enhance security and enforce granular access control.
{% endhint %}

{% hint style="info" %}
Bluebricks **also recommends** assigning the **Editor** role to the Service Account for the project to ensure it has the required permissions to manage resources effectively.
{% endhint %}

1. App only: Choose Edit on the collection options

   <figure><img src="/files/9khR7LT2J5jEsggT5Qxz" alt=""><figcaption></figcaption></figure>
2. Copy Bluebricks Service Account (It is in the API output if the API was used to connect GCP)

   <figure><img src="/files/pwngIGChpgjnT4ajEtRa" alt=""><figcaption></figcaption></figure>
3. Navigate to <https://console.cloud.google.com/>
4. Click the "Search (/) for resources, docs, products and more" field, type "IAM" and click it

   <figure><img src="/files/X1WQSOtDsfbBpQt7Sneo" alt=""><figcaption></figcaption></figure>
5. Click "Grant access"

   <figure><img src="/files/aJfIhyC7AY5h2AzVoBmi" alt=""><figcaption></figcaption></figure>
6. Click the "New principals" field
7. Paste or type the Service Account Email created by Bluebricks

   <figure><img src="/files/ugQxMGoBNmETPWR2OQV3" alt=""><figcaption></figcaption></figure>
8. Under "Assign roles", choose "Select a role"

   <figure><img src="/files/SgvNtJz0UEwIfv76m5di" alt=""><figcaption></figcaption></figure>
9. Click "Editor"

   <figure><img src="/files/LQDUundOEjef4IiOEM39" alt=""><figcaption></figcaption></figure>
10. Click "Save"

    <figure><img src="/files/XEyvMnaAjlhaLTsw02mi" alt=""><figcaption></figcaption></figure>

## Next steps

* [Connect your Cloud](/docs/getting-started/connect-your-cloud.md): overview of all cloud connection types
* [CLI Reference: bricks clouds](/docs/bricks-cli/cli-reference/bricks_clouds.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://bluebricks.co/docs/getting-started/connect-your-cloud/how-to-connect-gcp.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.