Overview
Connect your GCP account to give TierZero access to your Google Cloud infrastructure. TierZero uses GCP integrations for cloud resource context and monitoring data.Prerequisites
- Administrative access to your GCP project
- Permission to create service accounts
Setup Instructions
Step 1: Navigate to Integration Settings
- Log into your TierZero dashboard
- Go to Settings → Integrations
- Click Connect next to GCP
Step 2: Create a Service Account
- In the GCP Console, go to IAM & Admin → Service Accounts
- Click Create Service Account
- Name it (e.g., “tierzero-integration”)
- Grant the required read-only roles
- Create a JSON key for the service account
Step 3: Enter Credentials
- Upload or paste the service account JSON key in TierZero
- Click Connect
What TierZero Accesses
- Cloud resource metadata: Project and resource configurations
- Monitoring data: See GCP Cloud Monitoring for detailed metrics and logs access
Security
- TierZero uses service account impersonation with minimal permissions
- Credentials are encrypted at rest
- Revoke access by deleting the service account or removing its key
Troubleshooting
Permission Errors
- Verify the service account has the required roles
- Check that the service account key has not been rotated or deleted