Set up the GCP Service Account and Configure Google Cloud SDK

In this exercise, we will install Google Cloud SDK, configure Google Cloud account to create a service account and use the credentials to create infrastructure using Terraform.

  1. Before you install the gcloud CLI, update the packages:
sudo apt-get update
  1. Install the curl and apt-transport-https packages:
sudo apt-get install apt-transport-https ca-certificates gnupg curl
  1. Import the Google Cloud public key:
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor
-o /usr/share/keyrings/cloud.google.gpg
  1. Add the gcloud CLI distribution URI as a package source:
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg]
https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a
/etc/apt/sources.list.d/google-cloud-sdk.list
  1. Update and install the gcloud CLI:
sudo apt-get update && sudo apt-get install google-cloud-cli
  1. After installing the SDK, initialize it by running the following command and follow the prompts:
gcloud init
Welcome! This command will take you through the configuration of gcloud.
Your current configuration has been set to: [default]
You can skip diagnostics next time by using the following flag:
gcloud init --skip-diagnostics
Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).
Choose the account you would like to use to perform operations for this
configuration:
Follow the prompts and enter your project details accordingly.
  1. Create a Service Account:

You’ll need to create a service account in your Google Cloud project. This service account will be used by applications and scripts to authenticate with Google Cloud APIs.

  • Go to the Google Cloud Console: https://console.cloud.google.com/
  • Navigate to IAM & Admin > Service accounts.
  • Click on “Create service account” and follow the prompts to create a new service account.
  • Grant the necessary permissions to the service account. At a minimum, you’ll need the “Owner” role, but you can adjust permissions based on your requirements.
  • After creating the service account, download the JSON key file associated with it. This file will be used for authentication.
  1. Set Up Environment Variables: Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to point to the JSON key file you downloaded:
export GOOGLE_APPLICATION_CREDENTIALS="/root/serviceaccount.json"
  1. Verify Authentication: To verify that authentication is set up correctly, you can run a simple command using the Google Cloud SDK:
gcloud auth list