Managing Google Projects and Service Accounts in Cloudaware
This guide explains how to manage Google Projects and Service Accounts in Cloudaware CMDB to ensure accurate resource discovery and data collection.
After adding a Google service account to Cloudaware, configure how Cloudaware collects Google Resource Manager objects. Use the configuration panel in the Cloudaware CMDB to assign service accounts, control project visibility, and define any exclusions.
Service accounts
The Service Accounts tab displays a list of all added Google service accounts. To manage a service account, click the three-dot menu next to it:

Status
Green – access to projects is OK
Yellow – no access to any organization
Red – account not found; it may have been deleted in Google
Projects
The Projects tab lists Google projects discovered by Cloudaware and shows their operational state. Note that Lifecycle State is retrieved directly from GCE, while Status indicates the integration state in Cloudaware.

Lifecycle State (from Google)
Active – the project is active and being collected by Cloudaware
Delete Requested – the project deletion is requested in Google
Status
Green – Cloudaware has access to the resource
Grey – Cloudaware didn't collect the resource, possibly because it was deleted in Google
Warning (sign) – service accounts are not found for the project, or the project deletion was requested in Cloudaware CMDB
Red – access denied due to insufficient permissions, or a project is unreachable because it was deleted in Google
Table/Tree view
This tab supports two views: TABLE (default) and TREE:
TABLE view – shows a flat list of all discovered Google projects
TREE* view – displays a hierarchical structure of Google Resource Manager objects (organization, folders, and projects) available through the service accounts added to Cloudaware
*Cloudaware must have access at the organization or folder level to display the GCP hierarchy in Tree view.
Assign service accounts
The Service Account Assignment column indicates how a service account is assigned to each object in the list. By default, all objects are in the none state and are not collected by Cloudaware:

For Cloudaware to collect a project:
Assign a service account to a parent object (folder or organization) to enable auto-collection for all child objects listed under this object
Once a project is collected, its Service Account Assignment changes from none to inherited:
Every project created under a parent object in the future will automatically inherit the 'Auto' state in Service Account Assignment.
OR
Assign a service account manually to each project – click ASSIGN near the project and select the service account from the list of available ones
Once the project is collected, its Service Account Assignment changes from none to manual.
Service Account Assignment States
none – no service account assigned
auto – assigned automatically from a parent object (applies to projects collected automatically)
manual – assigned manually (applies to folders or individual projects)
updated – temporary state assigned while updating service account assignments
inherited – being inherited from a parent, but the process is incomplete due to ongoing collection of child objects or a technical error*
*Error messages are received directly from Google Cloud. Resolve the issue in your Google Cloud Console, then refresh the page.
Assign/reassign options
Use the ASSIGN button to reassign or unbind a service account. Available actions:
Unbind and disable projects auto-creation – for organizations
Unbind and inherit from parent – for folders
Unbind and stop collecting* – for projects
Here is an example of how to disable collection for a project that was manually assigned a service account:
*This action sends a deletion request for the project. The project will be marked with the Delete Requested label in the Cloudaware CMDB.
IMPORTANT: If a service account is assigned to a higher-level object in the hierarchy, the removed project may be collected again. To prevent this, blacklist the project first in the Projects Blacklist tab (see the description below), then request its removal.
Projects Blacklist
The Projects Blacklist tab allows you to exclude specific projects from being collected.
Click +ADD GOOGLE PROJECT EXCEPTION.
Enter a regular expression (regex)* to define the filter logic.
In this example, ^sys-\d{26}$ is a regular expression that matches system-generated project IDs in Google Cloud: the prefix sys- followed by exactly 26 digits. The anchors ^ and $ tie the match to the whole Project ID. The regex is used to filter out system projects that are not relevant for customer inventory collection in the CMDB.
*Regexes apply to Project IDs, not project names.
Click SAVE.
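A dry run for the blacklist step above, added here as an example and not Cloudaware's own code: it previews which Project IDs a candidate regex would exclude before it is saved, and shows how an unanchored pattern hides more projects from inventory than intended. The sample inventory, the function names, and the assumption that the filter behaves like a regex search over the Project ID are hypothetical.

```python
import re

# Pattern from the page: the prefix "sys-" followed by exactly 26 digits.
SYSTEM_PROJECT_PATTERN = r"^sys-\d{26}$"

# Constructed sample inventory: (Project ID, project name) pairs.
SAMPLE_PROJECTS = [
    ("sys-" + "1" * 26, "system generated"),
    ("sys-12345", "short sys id"),
    ("billing-sys-2024", "Billing"),
    ("payments-prod", "sys-" + "0" * 26),  # the name looks like a system ID
]


def preview_blacklist(pattern, projects):
    """Return (excluded_ids, collected_ids) for a candidate blacklist regex.

    Assumption: the filter is a regex search over the Project ID, so a
    pattern without ^ and $ can match anywhere inside an ID.
    """
    rx = re.compile(pattern, re.ASCII)  # re.ASCII limits \d to 0-9
    excluded, collected = [], []
    for project_id, _name in projects:
        # Only the ID is tested; the project name is never consulted.
        target = excluded if rx.search(project_id) else collected
        target.append(project_id)
    return excluded, collected


def newly_hidden(strict, loose, projects):
    """IDs a looser pattern would drop from inventory beyond the strict one."""
    strict_excluded, _ = preview_blacklist(strict, projects)
    loose_excluded, _ = preview_blacklist(loose, projects)
    return [pid for pid in loose_excluded if pid not in strict_excluded]


if __name__ == "__main__":
    excluded, collected = preview_blacklist(SYSTEM_PROJECT_PATTERN, SAMPLE_PROJECTS)
    print("excluded :", excluded)
    print("collected:", collected)
    # Compare against an unanchored variant of the same idea.
    print("extra IDs hidden by r'sys-\\d':",
          newly_hidden(SYSTEM_PROJECT_PATTERN, r"sys-\d", SAMPLE_PROJECTS))
```

Projects that a pattern excludes stop appearing in the CMDB, so reviewing the "extra IDs hidden" list before saving keeps customer projects from silently leaving inventory.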