# Google Cloud

This topic describes how to set up P0's integration for Google Cloud Platform (GCP). It contains the following sections:

* [Prerequisites](#prerequisites)
* [Set up Google Cloud Integration](#set-up-google-cloud-integration)

{% hint style="info" %}
For fine-grained Kubernetes access in Google Kubernetes Engine (GKE), use the P0 [Kubernetes integration](https://docs.p0.dev/integrations/iam-integrations/kubernetes).
{% endhint %}

## Prerequisites

* Existing P0 account at [p0.app](https://p0.app/).
* Existing Google project(s) where you want to install P0.
* Permissions to create GCP roles and add IAM bindings to your Google project(s).
  * `iam.roleAdmin` (Role Admin)
  * `iam.securityAdmin` (Security Admin)
  * `orgpolicy.policyAdmin` (Organization Policy Admin). This is optional but recommended, to ensure your P0 integration for GCP is as secure as possible

{% hint style="info" %}
You may need to work with your organization's administrator for the relevant permissions.
{% endhint %}

## Set up Google Cloud Integration

{% hint style="info" %}
This setup takes about 10 minutes.
{% endhint %}

Google Cloud Integration requires these key setup steps:

1. [Set up your Organization](#set-up-your-organization)
2. [Install a Component](#install-a-component)
3. [Provision P0 Access](#provision-p0-access)

## Set up your Organization

You must set up your organization prior to GCP provisioning. To set up p0 for your GCP organization:

1. Retrieve your organization ID from GCP using one of the following methods:

   * Run the command `gcloud organizations list` in the [Google Cloud Console Shell](https://console.cloud.google.com).
   * Go to **IAM & Admin** > **Manage Resources**. You will find your organization ID listed under the ID field.

   <div align="center"><figure><img src="/files/8tMt6OcJtfo9j5WclwQJ" alt="" width="375"><figcaption></figcaption></figure></div>
2. Go to [p0.app](https://p0.app/) in your browser, navigate to **Integrations**, and select **Google Cloud**.

   <div align="center"><figure><img src="/files/hglAivvvqLyf1bKwQgoW" alt="" width="375"><figcaption></figcaption></figure></div>
3. Copy and paste your organization ID into the input field and click **Next**. This enables you to install components that fit your needs.

{% hint style="info" %}
If a previous Google Cloud integration is present, the field is disabled and pre-populated with the organization ID, so proceed to the next step.
{% endhint %}

<figure><img src="/files/etiGnEZT3cloBYyE3CJE" alt="" width="563"><figcaption></figcaption></figure>

### Install a Component

For this example, we’ll install an Identity and Access Management (IAM) component.

{% hint style="info" %}
The steps are similar for other components except IAM management. You need to install cloud run based[ IAM management security perimeter component](/integrations/resource-integrations/google-cloud/security-perimeter.md) before installing IAM management. Contact P0 support to skip installing security perimeter.
{% endhint %}

{% hint style="info" %}
Contact P0 support to use domain restricted sharing instead of cloud run based security perimeter.
{% endhint %}

To install an IAM component:

1. Choose the component you want to install (e.g. **IAM management**).

   <div align="center"><figure><img src="/files/85GYvjENrhTAK92NCl1G" alt="" width="563"><figcaption></figcaption></figure></div>
2. Click **Add project** to install a new project.

   <div align="left"><figure><img src="/files/A7ALu2BEPQ1dSvzOfZEN" alt="" width="563"><figcaption></figcaption></figure></div>
3. Enter your existing GCP project name into the **Project identifier** field and click **Next**.

   <div align="center"><figure><img src="/files/mdM9IDKStyr0nHvjg5Pa" alt="" width="563"><figcaption></figcaption></figure></div>
4. The resulting page will display GCP and Terraform commands to complete the installation.

   <figure><img src="/files/dsrUtXTdEbeWnWeIMdbi" alt="" width="563"><figcaption></figcaption></figure>

### Provision P0 Access

You can provision P0 IAM management Access using [Google Cloud Console Shell](https://console.cloud.google.com) or Terraform. For this example, we’ll use the GCP console shell.

{% hint style="info" %}
You must have access to your project for it to appear in your GCP account. Refer to the [Prerequisites](#prerequisites) for more info.
{% endhint %}

To provision access using the GCP shell:

1. Go to your [GCP account](https://console.cloud.google.com/) and select the project you want to provision.

   <div align="center"><figure><img src="/files/xBRb9TtdimJoy4iiuxX9" alt="" width="563"><figcaption></figcaption></figure></div>
2. Open **Cloud Shell Editor** from the left menu, or use the search bar.

   <div align="center"><figure><img src="/files/Lc3hZniUtgt6S37mpb4U" alt="" width="563"><figcaption></figcaption></figure></div>
3. Click **Open Terminal**. This is where you’ll enter your shell commands.

   <div align="center"><figure><img src="/files/hdM32F9x7hdz2pjKy5jR" alt="" width="563"><figcaption></figcaption></figure></div>
4. If your browser is logged into multiple Google accounts, enter the command `gcloud config set account email@email.com`, and replace `email@email.com` with your account email.
5. Use the copy button to copy the entire **Shell** command set.

   <div align="center"><figure><img src="/files/sm6OadFh1QjD8H4nMCd0" alt="" width="563"><figcaption></figcaption></figure></div>
6. Paste the commands into the terminal window and press `Return`.

   <div align="center"><figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfByr4IXT0Uwy9M2UT1qJWw605-9tK5c93kMY7aW5PvoiL-VSKgzGk0bvSr3k_oqMDYTkFxNrLLBiTG_23bypgqNs7pdtLUJPnUHy852hmsCV1FkGJllUQm8ukLUc1jfLdeIx6AaQ?key=zEA3vLoGIkPfO9uJ54tDuqoq" alt="" width="563"><figcaption></figcaption></figure></div>

{% hint style="info" %}
If an Authorize window appears, click Authorize to grant permission.\ <img src="/files/awcaoAefNhR5cu2iL0xu" alt="" data-size="original">
{% endhint %}

7. Return to the configuration page and click **Next** to begin the installation process.

   <figure><img src="/files/1B5YMcKbVeJ7JkmkE5nA" alt="" width="563"><figcaption></figcaption></figure>
8. When the installation completes, click **Finish**.

   <div align="center"><figure><img src="/files/taaPMEqq5cPt4Wl0VQNR" alt="" width="563"><figcaption></figcaption></figure></div>

{% hint style="success" %}
Congratulations! You're now set up with P0 on Google Cloud.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.p0.dev/integrations/resource-integrations/google-cloud.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.