Set Up and Manage Google Cloud Service Account Access
Overview
Some Atlas features such as Data Federation require access to resources in your Google Cloud Storage environment. To grant access in a secure manner, create or update a Google Cloud Service Account with access policy.
Required Access
To configure customer key management, you must have Project Owner access to the project.
Users with Organization Owner access must add themselves to the project as a Project Owner.
Prerequisites
An Atlas account.
An Atlas M10+ cluster hosted on Google Cloud.
Set Up Google Cloud Service Account Access
You can set up a Google Cloud service account with access policy for your Atlas project from the Atlas Administration API or Atlas UI.
You can create a Google Cloud Service Account entirely from within the Atlas Data Federation UI.
In Atlas, go to the Project Integrations page.
If it's not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.
If it's not already displayed, select your desired project from the Projects menu in the navigation bar.
Next to the Projects menu, expand the Options menu, then click Integrations.
The Project Integrations page displays.
To create a Google Cloud service account with access policy for your Atlas project through the API, send POST requests to the cloudProviderAccess endpoint, first with the ID of the project for which you wish to create a service account, and then with the ID of the project and service account for which you set up access. To learn more about the request path and body parameters, see Create One Cloud Provider Access Role and Authorize One Cloud Provider Access Role.
View Authorized Google Cloud Service Accounts
You can view all Google Cloud service accounts for your Atlas project from the Atlas Administration API or Atlas UI.
In Atlas, go to the Project Integrations page.
If it's not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.
If it's not already displayed, select your desired project from the Projects menu in the navigation bar.
Next to the Projects menu, expand the Options menu, then click Integrations.
The Project Integrations page displays.
View the authorized Google Cloud service accounts.
The Google Cloud Service Account Access page displays. The page displays the list of service accounts configured for your project. For each service account, the page displays the following:
Field Name | Description |
---|---|
Service Account | The ID of the service account. |
Created Date | The date when you created and associated the service account with Atlas. |
Actions | |
To view all the Google Cloud service accounts with access policy for your Atlas project through the API, send a GET request to the cloudProviderAccess endpoint with the ID of the project. To learn more about the syntax and parameters to include in the request, see Return All Cloud Provider Access Roles.
View Authorized Google Cloud Service Account Details
You can view the details of an authorized Google Cloud Service Account from the Atlas Administration API or Atlas UI.
In Atlas, go to the Project Integrations page.
If it's not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.
If it's not already displayed, select your desired project from the Projects menu in the navigation bar.
Next to the Projects menu, expand the Options menu, then click Integrations.
The Project Integrations page displays.
Click the ellipsis (...) for the Service Account and select View Service Account Details from the dropdown.
Atlas displays the Service Account Details window. You can view and copy the following information about the authorized Service Account:
Field Name | Description |
---|---|
Atlas GCP Service Account | The ID of the Atlas Google Cloud application. |
Service Account ID | The ID of the service account. |
To view a Google Cloud service account with access policy for your Atlas project through the API, send a GET request to the cloudProviderAccess endpoint with the ID of the project. To learn more about the syntax and parameters to include in the request, see Return specified Cloud Provider Access Role.
Remove Authorized Google Cloud Service Account
You can't remove a Service Account that is currently in use. You can remove unused Google Cloud Service Accounts from the Atlas Administration API or Atlas UI.
In Atlas, go to the Project Integrations page.
If it's not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.
If it's not already displayed, select your desired project from the Projects menu in the navigation bar.
Next to the Projects menu, expand the Options menu, then click Integrations.
The Project Integrations page displays.
To remove a Google Cloud service account with access policy for your Atlas project through the API, send a DELETE request to the cloudProviderAccess endpoint with the ID of the project, the name of the cloud provider, and the ID of the service account that you wish to remove. To learn more about the syntax and parameters to include in the request, see Deauthorize One Cloud Provider Access Role.
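The following is an added example, not part of the original page and not Atlas's own code. It reviews the list returned by the GET request described under View Authorized Google Cloud Service Accounts and picks out the service accounts that no feature uses, which are the ones the removal procedure above lets you delete. The response field names (gcpServiceAccounts, roleId, gcpServiceAccountForAtlas, createdDate, featureUsages) and all sample values are assumptions; confirm them against Return All Cloud Provider Access Roles.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a cloudProviderAccess list response. Field names and
# values are assumptions for illustration, not copied from a real project.
SAMPLE_RESPONSE = json.loads("""
{"gcpServiceAccounts": [
  {"roleId": "role-in-use-0001",
   "gcpServiceAccountForAtlas": "sa-one@example-project.iam.gserviceaccount.com",
   "createdDate": "2024-01-10T00:00:00Z",
   "featureUsages": [{"featureType": "EXAMPLE_FEATURE"}]},
  {"roleId": "role-unused-0002",
   "gcpServiceAccountForAtlas": "sa-two@example-project.iam.gserviceaccount.com",
   "createdDate": "2023-03-02T00:00:00Z",
   "featureUsages": []},
  {"roleId": "role-unused-0003",
   "gcpServiceAccountForAtlas": "sa-three@example-project.iam.gserviceaccount.com",
   "createdDate": "2024-05-20T00:00:00Z"}
]}
""")


def parse_ts(value):
    """Parse an ISO 8601 timestamp, accepting a trailing 'Z' for UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def removal_candidates(response, now, min_age_days=30):
    """Return (roleId, age_in_days) for service accounts that no feature uses,
    oldest first. Accounts younger than min_age_days are skipped because they
    may still be in the middle of setup."""
    candidates = []
    for acct in response.get("gcpServiceAccounts", []):
        if acct.get("featureUsages"):  # in use, so it cannot be removed
            continue
        age = (now - parse_ts(acct["createdDate"])).days
        if age >= min_age_days:
            candidates.append((acct["roleId"], age))
    return sorted(candidates, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    as_of = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for role_id, age in removal_candidates(SAMPLE_RESPONSE, as_of):
        print(f"unused for review: {role_id} (created {age} days ago)")
```

Treat the output as a review list for a project owner, since an account with no recorded usage may have been authorized for a feature that is not yet configured.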