Watch the video below to learn how to create the custom ProsperOps role and validate read-only access to your Google Cloud environment. Detailed step-by-step instructions are included below as well.
This article assumes you are configuring ProsperOps access for a Savings Analysis using the ProsperOps Console onboarding flow.
- Navigate to the Google Cloud Console
⚠️ IMPORTANT NOTE: Be sure you are using a browser profile where you're authenticated with your corporate Google credentials, not your personal Gmail account.
Steps to Complete this Onboarding
1. Create custom ProsperOps role
2. Assign Billing Account permissions
3. Assign Detailed usage cost export permissions
4. Assign Pricing export permissions
5. Assign Organization permissions
Custom ProsperOps Role
- Return to the ProsperOps Console and click the Google Cloud IAM Roles link
- You will be taken to the IAM Roles page for your Google Cloud organization. Click the Create Role button.
- Enter the Title, Description, ID, and Role launch stage using the information provided in the ProsperOps Console. Click the Add Permissions button.
- Copy the first permission from the ProsperOps Console into the Filter field. Check the filtered permission to add it, clear the filter, and repeat. When all 7 permissions have been added, click the Add button.
- You should see all 7 permissions listed for the role. Click Create to finalize the role.
- Return to the ProsperOps Console and click the Role Created button.
Billing Account Access
Note that we refer to the service account as the principal name in the steps below.- Click the Google Cloud Billing Account link
- You will be taken to the Google Cloud Billing Account page. Click the Add Principal button.
- Copy the ProsperOps principal name from the ProsperOps Console and paste as the new principal name.
- Assign the Billing Account Viewer role, then click Save.
- Return to the ProsperOps Console and click Validate to confirm permissions have been configured properly.
Detailed Usage Cost Export Access
- Click the BigQuery link
- Referencing the information provided in the ProsperOps Console, expand the specified Project and Dataset, and select the specified Detailed Usage Cost table (note that this table includes the "v1" in the name). Click the Share button.
- Click the Add Principal button
- Copy the ProsperOps principal name from the ProsperOps Console and paste as the principal name.
- Assign the BigQuery Data Viewer role, then click Save.
- Return to the ProsperOps Console and click Validate to confirm permissions have been configured properly.
Pricing Export Access
- Click the BigQuery link
- Referencing the information provided in the ProsperOps Console, expand the specified Project and Dataset, and select the specified Pricing table. Click the Share button.
- Click the Add Principal button
- Copy the ProsperOps principal name from the ProsperOps Console and paste as the principal name.
- Assign the BigQuery Data Viewer role, then click Save.
- Return to the ProsperOps Console and click Validate to confirm permissions have been configured properly.
Organization Access
- Click the Google Cloud IAM link
- Click Grant Access
- Copy the ProsperOps principal name from the ProsperOps Console and paste as the principal name.
- Assign the ProsperOps role, then click Save.
- Return to the ProsperOps Console and click Validate to confirm permissions have been configured properly.
- Once organization access is validated, you are ready for a Savings Analysis! 🎊