Connecting Teevity to your GCP environment
Last updated - 2023/12/07
Teevity connects to your GCP environment via two distinct ServiceAccounts:
One GCP serviceAccount for the access to billing data (985668681564-9257rkc0bnb09l6e5228bb1ornpt0942@developer.gserviceaccount.com)
One GCP serviceAccount for the monitoring data (teevity-prod-usagemetrics-fetc@teevity-cloudcost-identities.iam.gserviceaccount.com)
Connection with the Teevity CLI
You can use the Teevity CLI (see https://api.teevity.com for the installation instructions).
Getting help on the options
teevity cloudservices declare-account-gcp --help
GCP BillingAccount declaration
teevity --key "$TEEVITY_APIKEY" cloudservices declare-account-gcp \
--billingaccount-id "a5cxxx_xxxxxx_xxxgg3" \
--billingaccount-name "<Acme GCP BillingAccount>" \
--bigquery-export-project "acme-billing-project" \
--bigquery-export-dataset "billing-dataset" \
--bigquery-export-table "gcp_billing_export_v1_a5cxxx_xxxxxx_xxxgg3" \
--polling-do-not-immediately-poll-costs-for-created-or-updated-platforms \
--gcpProjectsFiltering.bigQueryWhereClause.base64 ""
Remark:
The --polling-do-not-immediately-poll-costs-for-created-or-updated-platforms parameter is optional and acts as a sort of --dry-run option.
The --gcpProjectsFiltering.bigQueryWhereClause.base64 parameter can be used with an expression such as billing_account_id = "01...-......-......", which is useful in situations where a billing dataset contains data for several BillingAccounts (this is the case for GCP Resellers, for instance).
Permissions required for the Billing Data connection
The ServiceAccount used by Teevity to fetch the Billing data requires the following IAM Roles on your BigQuery billing dataset:
Project-level permissions: BigQuery Job User
BigQuery dataset permissions: Can View
Permissions required for the Monitoring Data
The ServiceAccount used by Teevity to fetch the Monitoring data requires the following IAM Roles:
Compute Viewer
Logs Viewer
Monitoring Viewer
Teevity actually only uses a subset of the permissions granted by the Roles described above. The exact subset is:
compute.disks.list
compute.instances.list
logging.logEntries.list
monitoring.metricDescriptors.list
monitoring.timeSeries.list
logging.privateLogEntries.list
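One way to grant only the subset above through a custom IAM role instead of the three predefined roles, as an added example (not Teevity's own tooling). It assumes Teevity works with just these permissions, as stated above; PROJECT_ID and ROLE_ID are placeholders, and the script only prints the gcloud commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example (not Teevity's tooling): least-privilege custom role for the
# monitoring ServiceAccount, built from the permission subset listed above.
set -eu

# Assumptions: PROJECT_ID and ROLE_ID are placeholders chosen for illustration.
PROJECT_ID="${PROJECT_ID:-acme-monitored-project}"
ROLE_ID="${ROLE_ID:-teevityMonitoringReader}"
# ServiceAccount e-mail copied from this page.
TEEVITY_SA="teevity-prod-usagemetrics-fetc@teevity-cloudcost-identities.iam.gserviceaccount.com"

# Permission subset, copied verbatim from the list above.
teevity_permissions() {
  cat <<'EOF'
compute.disks.list
compute.instances.list
logging.logEntries.list
logging.privateLogEntries.list
monitoring.metricDescriptors.list
monitoring.timeSeries.list
EOF
}

# gcloud expects the permissions as one comma-separated value.
permissions_csv() { teevity_permissions | paste -sd, -; }

# With DRY_RUN=1 (the default) commands are printed instead of executed.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

create_role() {
  run gcloud iam roles create "$ROLE_ID" --project="$PROJECT_ID" \
    --title="TeevityMonitoringReader" --stage=GA \
    --permissions="$(permissions_csv)"
}

bind_role() {
  run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
    --member="serviceAccount:$TEEVITY_SA" \
    --role="projects/$PROJECT_ID/roles/$ROLE_ID"
}

# List every role the ServiceAccount holds on the project; after the steps
# above the only expected line is the custom role.
list_sa_roles() {
  run gcloud projects get-iam-policy "$PROJECT_ID" \
    --flatten="bindings[].members" \
    --filter="bindings.members:$TEEVITY_SA" \
    --format="value(bindings.role)"
}

create_role
bind_role
list_sa_roles
```

Any extra role printed by list_sa_roles for this ServiceAccount is access beyond what the list above calls for and is worth reviewing.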