Set up Google Cloud NetApp Volumes
The NetApp Console accesses your Google Cloud project through a Google Cloud service account that holds the required permissions.
Complete the following tasks so that the NetApp Console can access your Google Cloud project.
- If you do not already have a service account, create one.
- Grant access for impersonation.
- Grant the IAM role in the shared project.
Set up a service account
- In the Google Cloud console, go to the Service accounts page.
- Click Select a project, choose your project, and click Open.
- To create a service account, do the following:
  - Click Create service account.
  - Enter the service account name (friendly display name) and description.
    The Google Cloud Console generates a service account ID based on this name. Edit the ID if necessary; you cannot change the ID later.
  - Click Create and continue.
  - From the Role list, select the Google Cloud NetApp Volumes admin or Google Cloud NetApp viewer role.
  - Select Continue.
  - Grant impersonation access to this service account: credentials-sa@wf-production-netapp.iam.gserviceaccount.com. For details, see Create a self-signed JSON Web Token (JWT).
  - Click DONE at the bottom of the page, and continue to the next step.
Shared VPC
In each additional GCP project that will use the service account, do the following:
- In the IAM page, select the Shared VPC host project from the project dropdown menu.
- Click Add Principal.
- In the New principals field, enter the email address of your service account.
- From the Select a role dropdown, choose the Google Cloud NetApp Volumes admin role.
- Click Save.
For detailed steps, refer to Google Cloud documentation:
Troubleshooting
If you encounter an error, the iam.disableCrossProjectServiceAccountUsage policy might be enforced. To fix this, do the following:
- In the Google Cloud console, go to the Organization policies page.
- Find the Disable cross-project service account usage policy and disable it.
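
An added example, not part of the NetApp or Google documentation: a Python check that audits the IAM policies resulting from the steps above, confirming that only the NetApp principal can impersonate your service account and that the account holds nothing beyond a NetApp Volumes role. The role IDs (roles/netapp.admin, roles/netapp.viewer, and roles/iam.serviceAccountTokenCreator for impersonation), the account name and the sample policies are assumptions constructed for illustration.

```python
"""Audit IAM policy JSON for the service account the NetApp Console uses."""

# Assumption: role IDs behind the role display names used on this page.
NETAPP_ROLES = {"roles/netapp.admin", "roles/netapp.viewer"}
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"  # assumed impersonation role
# Roles that let a member act as, or mint tokens for, a service account.
IMPERSONATION_ROLES = {TOKEN_CREATOR, "roles/iam.serviceAccountUser",
                       "roles/iam.workloadIdentityUser"}
NETAPP_PRINCIPAL = ("serviceAccount:"
                    "credentials-sa@wf-production-netapp.iam.gserviceaccount.com")


def audit_sa_policy(policy):
    """Audit `gcloud iam service-accounts get-iam-policy SA --format=json`."""
    findings, granted = [], False
    for binding in policy.get("bindings", []):
        role = binding["role"]
        if role not in IMPERSONATION_ROLES:
            continue
        for member in binding["members"]:
            if member == NETAPP_PRINCIPAL and role == TOKEN_CREATOR:
                granted = True
            else:
                findings.append(f"unexpected impersonator: {member} ({role})")
    if not granted:
        findings.append("NetApp principal lacks impersonation access")
    return findings


def audit_project_policy(policy, sa_email):
    """Audit `gcloud projects get-iam-policy PROJECT --format=json`."""
    member = f"serviceAccount:{sa_email}"
    roles = {b["role"] for b in policy.get("bindings", []) if member in b["members"]}
    findings = [f"extra role on {sa_email}: {r}" for r in sorted(roles - NETAPP_ROLES)]
    if not roles & NETAPP_ROLES:
        findings.append(f"{sa_email} has no NetApp Volumes role")
    return findings


# Constructed sample data; the project and account names are hypothetical.
SA = "netapp-console@example-project.iam.gserviceaccount.com"
SAMPLE_SA_POLICY = {"bindings": [
    {"role": TOKEN_CREATOR, "members": [NETAPP_PRINCIPAL, "user:dev@example.com"]}]}
SAMPLE_PROJECT_POLICY = {"bindings": [
    {"role": "roles/netapp.admin", "members": [f"serviceAccount:{SA}"]},
    {"role": "roles/editor", "members": [f"serviceAccount:{SA}"]}]}

if __name__ == "__main__":
    for finding in (audit_sa_policy(SAMPLE_SA_POLICY)
                    + audit_project_policy(SAMPLE_PROJECT_POLICY, SA)):
        print(finding)
```

Run the same project check against the Shared VPC host project's policy to confirm the role granted there.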