Google Cloud Platform (GCP)


You can specify multiple GCP resolvers to resolve instances from multiple projects, provided the IAM roles are configured correctly.

For GCP name resolvers to work, the project must have compute.googleapis.com enabled.

Gateways need the Read Only Cloud Platform Cloud API access scope enabled.

Cloud Platform access is enabled among the various API access scopes listed.

How to configure IAM Roles

Create a service account in the project where the Gateway is going to be deployed (Project A), and copy the service account's email address.

Now go to the other project (Project B).

  • Navigate to the roles page.

    • Create a new role with the permissions compute.instances.list, compute.forwardingRules.list, and resourcemanager.projects.get.

    • Give it an appropriate name (e.g., ComputeInstancesReadRole).

  • Navigate to the "IAM & admin" > "IAM" page.

    • Click the "Add" button.

    • In the "New members" field, paste the email address of the service account (it should look like a strange email address).

    • Assign the custom role (ComputeInstancesReadRole) that you just created.
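
The same steps with the gcloud CLI, as an added example that is not part of the original page. The project IDs project-a and project-b and the service account name gateway-resolver are placeholder assumptions. The script prints the commands unless APPLY=1 is set, and verify lists the roles the service account holds in Project B so you can confirm it has only the custom role.

```shell
#!/bin/sh
# Added example: gcloud equivalent of the console steps above.
# Prints the commands by default; set APPLY=1 to run them.
# Project IDs and the service account name are placeholders (assumptions).
GATEWAY_PROJECT="${GATEWAY_PROJECT:-project-a}"  # Project A: hosts the Gateway
TARGET_PROJECT="${TARGET_PROJECT:-project-b}"    # Project B: instances to resolve
SA_NAME="${SA_NAME:-gateway-resolver}"           # hypothetical account name
ROLE_ID="${ROLE_ID:-ComputeInstancesReadRole}"
# The three permissions the page lists, and nothing broader.
PERMISSIONS="compute.instances.list,compute.forwardingRules.list,resourcemanager.projects.get"

# Email address GCP assigns to a user-managed service account.
sa_email() {
  printf '%s@%s.iam.gserviceaccount.com' "$SA_NAME" "$GATEWAY_PROJECT"
}

# Run gcloud when APPLY=1, otherwise print the command for review.
gc() {
  if [ "${APPLY:-0}" = "1" ]; then gcloud "$@"; else echo "gcloud $*"; fi
}

setup() {
  # 1. Service account in Project A, used by the Gateway.
  gc iam service-accounts create "$SA_NAME" --project="$GATEWAY_PROJECT" &&
  # 2. Custom read-only role in Project B.
  gc iam roles create "$ROLE_ID" --project="$TARGET_PROJECT" \
     --title="$ROLE_ID" --permissions="$PERMISSIONS" --stage=GA &&
  # 3. Grant that role, and only that role, to the service account in Project B.
  gc projects add-iam-policy-binding "$TARGET_PROJECT" \
     --member="serviceAccount:$(sa_email)" \
     --role="projects/$TARGET_PROJECT/roles/$ROLE_ID"
}

# Check: list every role the service account holds in Project B.
# The expected result is the single custom role created above.
verify() {
  gc projects get-iam-policy "$TARGET_PROJECT" \
     --flatten="bindings[].members" \
     --filter="bindings.members:serviceAccount:$(sa_email)" \
     --format="value(bindings.role)"
}

setup && verify
```
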

Now you can use the special name resolver syntax to define hosts in your Entitlements.