# Google Cloud Platform

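Copy the bash script below and run it in the Google Cloud Shell terminal. The script creates a service account named `sprinto-serviceaccount` and grants it the Security Reviewer role, which gives Sprinto the read-only access it needs to the API resources. It also grants the Compute Viewer role, creates a workload identity pool with an OIDC provider, allows a single federated subject to impersonate the service account, and enables the listed APIs.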

```
WORKLOAD_IDENTITY_POOL="sprinto-wif-pool"
WORKLOAD_IDENTITY_PROVIDER="sprinto-wif-pool-provider"
SERVICE_ACCOUNT_NAME="sprinto-serviceaccount"
ISSUER_URI="https://dev-38645452.okta.com/oauth2/default"
ALLOWED_AUDIENCES=0oal5uhgk92pO42cY5d7
ATTRIBUTE_MAPPING="google.subject=assertion.sub,attribute.username=assertion.preferred_username"
OKTA_USER_SUB="00ul37olt68rdNOfX5d7"
PROJECT_IDS=("gcp-project12312" "gcp-project2212")
ROLE1="roles/compute.viewer"
ROLE2="roles/iam.securityReviewer"
currentproject=gcp-project12312
CURR_PROJECT_NUMBER=1212122

# Creating Workload Identity Pool
gcloud iam workload-identity-pools create "$WORKLOAD_IDENTITY_POOL" \
  --location="global" \
  --display-name="Sprinto GCP Identity Pool"

# Creating Workload Identity Provider Pool
gcloud iam workload-identity-pools providers create-oidc "$WORKLOAD_IDENTITY_PROVIDER" \
  --workload-identity-pool="$WORKLOAD_IDENTITY_POOL" \
  --location="global" \
  --display-name="Sprinto GCP Provider" \
  --issuer-uri="$ISSUER_URI" \
  --allowed-audiences="$ALLOWED_AUDIENCES" \
  --attribute-mapping="$ATTRIBUTE_MAPPING"

# Creating Service Account
gcloud iam service-accounts create "$SERVICE_ACCOUNT_NAME" \
  --display-name="Sprinto GCP Service Account" \
  --description="Sprinto uses this to monitor production GCP resources."

# Looping through each project and assign roles to the service account
for i in "${!PROJECT_IDS[@]}"; do
  PROJECT_ID="${PROJECT_IDS[$i]}"
  echo "Processing Project: $PROJECT_ID"

  # Assigning roles to service account
  gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:${SERVICE_ACCOUNT_NAME}@$currentproject.iam.gserviceaccount.com" \
    --role="$ROLE1"
  gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:${SERVICE_ACCOUNT_NAME}@$currentproject.iam.gserviceaccount.com" \
    --role="$ROLE2"

  # Adding Policy Binding for Workload Identity Federation
  # (the same binding on every iteration; re-adding it is harmless)
  gcloud iam service-accounts add-iam-policy-binding \
    "${SERVICE_ACCOUNT_NAME}@$currentproject.iam.gserviceaccount.com" \
    --role="roles/iam.workloadIdentityUser" \
    --member="principal://iam.googleapis.com/projects/${CURR_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${WORKLOAD_IDENTITY_POOL}/subject/${OKTA_USER_SUB}"

  # Enabling services on the project being processed
  gcloud services enable cloudresourcemanager.googleapis.com compute.googleapis.com \
    pubsub.googleapis.com logging.googleapis.com iam.googleapis.com \
    serviceusage.googleapis.com spanner.googleapis.com bigquery.googleapis.com \
    bigtable.googleapis.com firebase.googleapis.com datastore.googleapis.com \
    file.googleapis.com sqladmin.googleapis.com storage-component.googleapis.com \
    containerregistry.googleapis.com cloudapis.googleapis.com container.googleapis.com \
    servicemanagement.googleapis.com stackdriver.googleapis.com \
    --project="$PROJECT_ID"
done
```
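After the script has run, it is worth confirming that the service account holds only the two read-only roles and that only the one pinned federated subject can impersonate it. The following Python check is an added example, not part of Sprinto's documentation; it works on the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` and `gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json`. The function names and the sample policies are constructed for illustration.

```python
# Roles the setup script above grants to the service account on each project.
EXPECTED_ROLES = {"roles/compute.viewer", "roles/iam.securityReviewer"}
WIF_ROLE = "roles/iam.workloadIdentityUser"


def audit_project_policy(policy, sa_email):
    """Compare the project-level roles held by the service account with the expected set."""
    member = f"serviceAccount:{sa_email}"
    held = {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}
    return {"unexpected": sorted(held - EXPECTED_ROLES),
            "missing": sorted(EXPECTED_ROLES - held)}


def audit_wif_binding(sa_policy, project_number, pool, subject):
    """Check that only the one pinned federated subject may impersonate the account."""
    pinned = (f"principal://iam.googleapis.com/projects/{project_number}"
              f"/locations/global/workloadIdentityPools/{pool}/subject/{subject}")
    members = [m for b in sa_policy.get("bindings", [])
               if b["role"] == WIF_ROLE for m in b.get("members", [])]
    return {"pinned_present": pinned in members,
            "extra": sorted(m for m in members if m != pinned)}


# Constructed sample policies (not real gcloud output), built from the page's values.
SA = "sprinto-serviceaccount@gcp-project12312.iam.gserviceaccount.com"
POOL_PATH = ("iam.googleapis.com/projects/1212122/locations/global/"
             "workloadIdentityPools/sprinto-wif-pool")
PROJECT_POLICY = {"bindings": [
    {"role": "roles/compute.viewer", "members": [f"serviceAccount:{SA}"]},
    {"role": "roles/iam.securityReviewer", "members": [f"serviceAccount:{SA}"]},
    # Drift: a write-capable role added to the account after setup.
    {"role": "roles/editor",
     "members": [f"serviceAccount:{SA}", "user:admin@example.com"]},
]}
SA_POLICY = {"bindings": [{"role": WIF_ROLE, "members": [
    f"principal://{POOL_PATH}/subject/00ul37olt68rdNOfX5d7",
    # Drift: every identity in the pool, not just the pinned subject.
    f"principalSet://{POOL_PATH}/*",
]}]}

if __name__ == "__main__":
    print(audit_project_policy(PROJECT_POLICY, SA))
    print(audit_wif_binding(SA_POLICY, "1212122", "sprinto-wif-pool",
                            "00ul37olt68rdNOfX5d7"))
```

To use it on a real project, load each command's JSON output with `json.load` and pass the resulting dictionaries to the two functions; empty `unexpected` and `extra` lists mean the access matches what the script configured.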

