# Google Cloud

This topic describes how to set up P0's integration for Google Cloud Platform (GCP). It contains the following sections:

* [Prerequisites](#prerequisites)
* [Set up Google Cloud Integration](#set-up-google-cloud-integration)

{% hint style="info" %}
For fine-grained Kubernetes access in Google Kubernetes Engine (GKE), use the P0 [Kubernetes integration](https://docs.p0.dev/integrations/iam-integrations/kubernetes).
{% endhint %}

## Prerequisites

* Existing P0 account at [p0.app](https://p0.app/).
* Existing Google project(s) where you want to install P0.
* Permissions to create GCP roles and add IAM bindings to your Google project(s).
  * `iam.roleAdmin` (Role Admin)
  * `iam.securityAdmin` (Security Admin)
  * `orgpolicy.policyAdmin` (Organization Policy Admin). This is optional but recommended, to ensure your P0 integration for GCP is as secure as possible.

{% hint style="info" %}
You may need to work with your organization's administrator for the relevant permissions.
{% endhint %}
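
A preflight check for the prerequisite roles listed above, as an added example that is not part of P0's documentation or tooling. The function names and the sample role list are hypothetical, and it assumes the listed roles correspond to the predefined role IDs `roles/iam.roleAdmin`, `roles/iam.securityAdmin` and `roles/orgpolicy.policyAdmin`.

```bash
#!/usr/bin/env bash
# Added example (not P0 tooling): check an account's roles against the
# prerequisites before starting the integration.

REQUIRED_ROLES="roles/iam.roleAdmin roles/iam.securityAdmin"
OPTIONAL_ROLES="roles/orgpolicy.policyAdmin"   # optional but recommended

# Print the roles bound directly to MEMBER (e.g. user:alice@example.com)
# on PROJECT, one per line. Roles inherited from a folder or organization,
# or granted through a group, do not appear in a project-level policy.
p0_list_roles() {
  gcloud projects get-iam-policy "$1" \
    --flatten="bindings[].members" \
    --filter="bindings.members:$2" \
    --format="value(bindings.role)"
}

# Read one role per line on stdin. Print each missing prerequisite as
# "required <role>" or "optional <role>". Return 1 if a required role is
# missing, 0 otherwise (a missing optional role does not fail the check).
p0_missing_roles() {
  granted=$(cat)
  missing=0
  for role in $REQUIRED_ROLES; do
    if ! printf '%s\n' "$granted" | grep -qxF "$role"; then
      echo "required $role"
      missing=1
    fi
  done
  for role in $OPTIONAL_ROLES; do
    printf '%s\n' "$granted" | grep -qxF "$role" || echo "optional $role"
  done
  return $missing
}

# Constructed sample input: an account holding Role Admin and Viewer only.
SAMPLE_ROLES="roles/iam.roleAdmin
roles/viewer"

# Offline demo on the constructed sample. Against a real project, use:
#   p0_list_roles my-project user:me@example.com | p0_missing_roles
printf '%s\n' "$SAMPLE_ROLES" | p0_missing_roles || true
```

A broader role such as Owner, or a role granted at the organization level, can also satisfy the prerequisites, so treat a reported gap as a prompt to check inherited bindings rather than as proof that access is missing.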

## Set up Google Cloud Integration

{% hint style="info" %}
This setup takes about 10 minutes.
{% endhint %}

Google Cloud Integration requires these key setup steps:

1. [Set up your Organization](#set-up-your-organization)
2. [Install a Component](#install-a-component)
3. [Provision P0 Access](#provision-p0-access)

### Set up your Organization

You must set up your organization prior to GCP provisioning. To set up P0 for your GCP organization:

1. Retrieve your organization ID from GCP using one of the following methods:

   * Run the command `gcloud organizations list` in the [Google Cloud Console Shell](https://console.cloud.google.com).
   * Go to **IAM & Admin** > **Manage Resources**. You will find your organization ID listed under the ID field.

   <div align="center"><figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-809bb0b70982eeef3f2db598b329ffa14c96efeb%2Fimage.png?alt=media" alt="" width="375"><figcaption></figcaption></figure></div>
2. Go to [p0.app](https://p0.app/) in your browser, navigate to **Integrations**, and select **Google Cloud**.

   <div align="center"><figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-6c3909bdc985c60a5c947eefe40e29a71a0887ca%2Fimage.png?alt=media" alt="" width="375"><figcaption></figcaption></figure></div>
3. Copy and paste your organization ID into the input field and click **Next**. This enables you to install components that fit your needs.

{% hint style="info" %}
If a previous Google Cloud integration is present, the field is disabled and pre-populated with the organization ID, so proceed to the next step.
{% endhint %}

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-317fa328037fa0b965360deee1e42ae313fcdee4%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

### Install a Component

For this example, we’ll install an Identity and Access Management (IAM) component.

{% hint style="info" %}
The steps are similar for other components except IAM management. You need to install the Cloud Run-based [IAM management security perimeter component](https://docs.p0.dev/integrations/resource-integrations/google-cloud/security-perimeter) before installing IAM management. Contact P0 support to skip installing the security perimeter.
{% endhint %}

{% hint style="info" %}
Contact P0 support to use domain-restricted sharing instead of the Cloud Run-based security perimeter.
{% endhint %}

To install an IAM component:

1. Choose the component you want to install (e.g. **IAM management**).

   <div align="center"><figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-6776b142574b1c45cfac406e0335bcc4c840c779%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure></div>
2. Click **Add project** to install a new project.

   <div align="left"><figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-142d234d1eee18bdd3db27167eb7694050b9fe3a%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure></div>
3. Enter your existing GCP project name into the **Project identifier** field and click **Next**.

   <div align="center"><figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-98fffda70192aeabaac7334f69e9ca90c0b365d1%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure></div>
4. The resulting page will display GCP and Terraform commands to complete the installation.

   <figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-b1f617333919087ed8e03f84d7c47987160247db%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

### Provision P0 Access

You can provision P0 IAM management access using [Google Cloud Console Shell](https://console.cloud.google.com) or Terraform. For this example, we’ll use the GCP console shell.

{% hint style="info" %}
You must have access to your project for it to appear in your GCP account. Refer to the [Prerequisites](#prerequisites) for more info.
{% endhint %}

To provision access using the GCP shell:

1. Go to your [GCP account](https://console.cloud.google.com/) and select the project you want to provision.

   <div align="center"><figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-db6a171b39bba18bb2baec0361efe5aba0c90097%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure></div>
2. Open **Cloud Shell Editor** from the left menu, or use the search bar.

   <div align="center"><figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-a3d9625680bdef76fbb9b9cc7f71acd753da5331%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure></div>
3. Click **Open Terminal**. This is where you’ll enter your shell commands.

   <div align="center"><figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-725ab10cebc8c4c59933c4950b232d6ac2fb6e6a%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure></div>
4. If your browser is logged into multiple Google accounts, enter the command `gcloud config set account email@email.com`, and replace `email@email.com` with your account email.
5. Use the copy button to copy the entire **Shell** command set.

   <div align="center"><figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-0ae704fa63ba80247985a7c045a595567a810c64%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure></div>
6. Paste the commands into the terminal window and press `Return`.

   <div align="center"><figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXfByr4IXT0Uwy9M2UT1qJWw605-9tK5c93kMY7aW5PvoiL-VSKgzGk0bvSr3k_oqMDYTkFxNrLLBiTG_23bypgqNs7pdtLUJPnUHy852hmsCV1FkGJllUQm8ukLUc1jfLdeIx6AaQ?key=zEA3vLoGIkPfO9uJ54tDuqoq" alt="" width="563"><figcaption></figcaption></figure></div>

{% hint style="info" %}
If an Authorize window appears, click Authorize to grant permission.\ <img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-044d94270e13b9b318c70d763439a9d006f1b93a%2Fimage.png?alt=media" alt="" data-size="original">
{% endhint %}

7. Return to the configuration page and click **Next** to begin the installation process.

   <figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-5295b3e999ce1d5b5cf1e40be1afc2e7b0c3d355%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>
8. When the installation completes, click **Finish**.

   <div align="center"><figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-283b99d34debf39fd49473e7deed8b3ae582dc83%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure></div>

{% hint style="success" %}
Congratulations! You're now set up with P0 on Google Cloud.
{% endhint %}
