GCP Configuration
To be able to analyse and discover your infrastructure, Overmind requires read-only access to your Google Cloud Platform (GCP) project.
Overview​
The GCP source discovers and maps your Google Cloud resources including:
- Compute Engine: Instances, disks, images, networks, and load balancers
- BigQuery: Datasets, tables, and models
- Cloud KMS: Key rings and crypto keys
- IAM: Service accounts and keys
- Cloud Logging: Log sinks and configurations
- Network Security: Client TLS policies and server TLS policies
- Spanner: Instances and databases
Configuration​
To configure the GCP source, you'll need:
- A GCP project ID
- Appropriate IAM permissions for Overmind to read your resources
- Service account credentials (if running outside of GCP)
Required Permissions​
The GCP source requires the following IAM roles or equivalent permissions:
roles/viewer- Basic read access to most resourcesroles/bigquery.metadataViewer- Read BigQuery metadataroles/cloudkms.viewer- Read Cloud KMS resourcesroles/logging.viewer- Read Cloud Logging configurations
Service Account Setup​
If running outside of GCP, create a service account with the required permissions:
- Open the Google Cloud Console
- Navigate to IAM & Admin > Service Accounts
- Click "Create Service Account"
- Provide a name and description (e.g., "overmind-readonly")
- Assign the required roles listed above
- Create and download a JSON key file
- Set the
GOOGLE_APPLICATION_CREDENTIALSenvironment variable to point to the key file
Regions and Zones​
Configure the regions and zones you want Overmind to discover:
- Regions: Specify the GCP regions to scan (e.g.,
us-central1,europe-west1) - Zones: Specify specific zones within regions (e.g.,
us-central1-a,us-central1-b)
Supported Resources​
The GCP source automatically discovers resources across your specified project, regions, and zones. Resources are discovered using both:
- Manual adapters: Custom implementations for complex resources
- Dynamic adapters: Generated adapters for standard GCP resources