CloudQuery GCP integration role assignment and service account best practices

Hi,

I’m starting integration of CloudQuery with Google Cloud Platform (GCP) and I have two questions:

  1. Which role should I assign my service account in order to retrieve most (if not all) tables?
  2. What is the preferred way of connecting other customers of mine with my app which runs CloudQuery? Should I create a service account for each of my customers and create a corresponding JSON key for each service account, or should I create one service account in my own GCP account and then have my customers add my service account as a service principal to their GCP account?

Hi! Using a general Viewer role should work. Here’s a video tutorial on CQ vs. GCP showing the basics: CQ vs. GCP Video Tutorial.

For the second question, the latter sounds better to me as you can utilize the parallelization and org filters while running a single sync. But there’s no sure way as it would depend on your org structure and types of resources. You might find running multiple CQ instances in parallel and limiting each to one (or a set of) orgs could be more performant in some cases.

As per the documentation at CloudQuery GCP Plugin Docs, use organization_ids or organization_filter to filter orgs.
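The two layouts discussed in the answer above, written out as CloudQuery source specs. This is an added example, not configuration from the thread or from the CloudQuery docs; the organization IDs, spec names, table selection, destination name and version string are constructed placeholders, and only `organization_ids` comes from the thread.

```yaml
# Added example. Constructed values: organization IDs, spec names, tables,
# destination name. Replace VERSION_PLACEHOLDER with a real plugin release.
#
# Both layouts assume one service account owned by the operator, which each
# customer has granted the Viewer role in their own organization. The sync
# process picks up that account through Application Default Credentials
# (for example GOOGLE_APPLICATION_CREDENTIALS pointing at its key file).

# Layout A: a single sync that covers every customer organization.
kind: source
spec:
  name: gcp-all-customers            # hypothetical name
  path: cloudquery/gcp
  registry: cloudquery
  version: "VERSION_PLACEHOLDER"
  tables:
    - gcp_compute_instances
    - gcp_storage_buckets
  destinations: ["postgresql"]       # assumes a destination spec with this name
  spec:
    organization_ids:
      - "111111111111"               # constructed: customer A
      - "222222222222"               # constructed: customer B
---
# Layout B: one CloudQuery instance per customer, each limited to one
# organization. Keep this in its own file and run it as a separate sync.
kind: source
spec:
  name: gcp-customer-a               # hypothetical name
  path: cloudquery/gcp
  registry: cloudquery
  version: "VERSION_PLACEHOLDER"
  tables:
    - gcp_compute_instances
    - gcp_storage_buckets
  destinations: ["postgresql"]
  spec:
    organization_ids:
      - "111111111111"               # constructed: customer A only
```

With layout A, an organization whose Viewer grant is missing or has been revoked shows up as permission errors for that organization's resources in the sync output, so the ID list doubles as an inventory of which customers have actually authorized the service account.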

Thanks for the response!
I will give it a try 🙂