GCP Administration Guide

Creating a GCP service account

This topic describes how to create a GCP service account and an API key pair, and provides guidelines on how to edit the private key for use in FortiOS. If you enabled metadata Identity and Access Management (IAM) in Configuring GCP SDN Connector using service account, you do not need to create a service account.

To create a GCP service account:
  1. Log in to the GCP Compute Portal.
  2. Go to IAM & admin > Service accounts.
  3. Create a service account:
    1. Select Create a service account.
    2. Name the account.
    3. Click CREATE and CONTINUE.

    4. From the Role dropdown list, select the desired role, then click CONTINUE or DONE.

      Note

      This example selects a custom role for high availability (HA). You can select the viewer role or another role if the FortiGate is on-premises or you do not need to configure HA.

    5. If you are configuring the service account for use in an SDN connector for HA or for running the VM, select the correct IAM role with the needed permissions.

      Note

      For guidelines on the IAM role permissions for HA, see Configuring GCP SDN Connector using service account.

      For information about configuring a GCP IAM service account, see Creating and managing service accounts.

    6. (Optional) Configure user access.

To create the service account key:
  1. Edit the service account by selecting its email address.
  2. On the Keys tab, click ADD KEY.

  3. Choose whether to import an existing key or generate a new one. If you create a new key, you can select a JSON-formatted key or a P12, which includes the private and public keys. Once created, the key automatically downloads to your PC.

    Note

    For information about creating service account keys, see Create and manage service account keys.

To edit the private key:
  1. Use a text editor to open the downloaded key.
  2. Find the line that starts with "private_key": "-----BEGIN PRIVATE KEY-----\n……
  3. Edit the key between “-----BEGIN PRIVATE KEY-----” and “-----END PRIVATE KEY-----”.
  4. Replace each "\n" with an actual line break using a tool or command of your choice, for example the Find and Replace function in Notepad++.

    Note

    Each "\n" becomes an actual line break, which yields a correctly formatted private key.

  5. Copy and paste the key content into the FortiOS GUI or CLI.
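
The private key edit described in the steps above can also be scripted. The following Python sketch is an added example, not part of the Fortinet documentation: it parses the downloaded JSON key, turns the "\n" sequences into line breaks, and checks the PEM header, footer and base64 body before the result is pasted into FortiOS. The function names, the file path argument and the sample key (constructed, not a real key) are assumptions.

```python
import base64
import json
import re
import sys

BEGIN = "-----BEGIN PRIVATE KEY-----"
END = "-----END PRIVATE KEY-----"


def extract_private_key_pem(key_json_text):
    """Return the private_key field of a service account key as multi-line PEM."""
    # json.loads already decodes the \n escapes of the JSON string into newlines.
    pem = json.loads(key_json_text)["private_key"]
    # Also handle a value in which literal backslash-n sequences survived a copy.
    lines = pem.replace("\\n", "\n").replace("\r", "").strip().split("\n")
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("private_key lacks the expected PEM header or footer")
    body = "".join(lines[1:-1])
    if not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", body):
        raise ValueError("PEM body contains non-base64 characters")
    base64.b64decode(body, validate=True)  # rejects bad length or padding
    return "\n".join(lines) + "\n"


def constructed_sample():
    """Build a key file shaped like the download; the key body is NOT a real key."""
    body = base64.b64encode(bytes(range(96))).decode()  # 128 base64 characters
    pem = "\n".join([BEGIN, body[:64], body[64:], END]) + "\n"
    return json.dumps({
        "type": "service_account",
        "client_email": "fgt-sdn@example-project.iam.gserviceaccount.com",
        "private_key": pem,
    })


if __name__ == "__main__":
    # Usage: python this_script.py downloaded-key.json (path is an assumption);
    # with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = constructed_sample()
    sys.stdout.write(extract_private_key_pem(text))
```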
