roles/viewer
Using only the roles/viewer role provides basic access but with limitations. Anyshift will be able to scan core GCP resources like Compute Engine, Cloud SQL, GKE, Logging, Monitoring, and Pub/Sub. However, many specialized services will not be accessible.
Complete Role List for Maximum Coverage
roles/viewer
roles/aiplatform.viewer, roles/notebooks.viewer
roles/apigateway.viewer
roles/artifactregistry.reader
roles/bigquery.dataViewer, roles/bigquery.jobUser, roles/bigquery.metadataViewer
roles/certificatemanager.viewer
roles/billing.viewer, roles/billing.budgets.viewer
roles/cloudbuild.builds.viewer
roles/cloudfunctions.viewer
roles/cloudkms.viewer
roles/composer.environmentAndStorageObjectViewer
roles/datacatalog.viewer
roles/dataflow.viewer
roles/dataproc.viewer
roles/dns.reader
roles/iam.roleViewer, roles/iam.serviceAccountViewer, roles/iam.workloadIdentityPoolViewer
roles/redis.viewer
roles/storage.objectViewer
roles/workflows.viewer
roles/viewer
Option 1: Service-account key
anyshift-readonly, Description: “Read-only service account for Anyshift” → Create
Viewer (Basic role)
API Gateway Viewer
Artifact Registry Reader
BigQuery Data Viewer
BigQuery Job User
Certificate Manager Viewer
Cloud Build Viewer
Cloud Functions Viewer
Cloud KMS Viewer
Cloud Composer Viewer
Data Catalog Viewer
Dataflow Viewer
Dataproc Viewer
DNS Reader
Memorystore Redis Viewer
Storage Object Viewer
Workflows Viewer
IAM Role Viewer
IAM Service Account Viewer
IAM Workload Identity Pool Viewer
anyshift-readonly account
Integrations → GCP → Add Service Account and upload the JSON file containing the credentials.
Option 2: Workload Identity (coming soon)
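For the Option 1 service account, the role grants can be checked against the complete role list before the key is uploaded. The following is an added example, not Anyshift's own code: it compares the roles bound to the account in a project IAM policy (the JSON that `gcloud projects get-iam-policy PROJECT_ID --format=json` returns) with the list on this page. The function name, the `example-project` project ID and the sample policy are assumptions constructed for illustration.

```python
# Added example: audit a project IAM policy against this page's role list.
EXPECTED_ROLES = frozenset("""
roles/viewer roles/aiplatform.viewer roles/notebooks.viewer
roles/apigateway.viewer roles/artifactregistry.reader
roles/bigquery.dataViewer roles/bigquery.jobUser roles/bigquery.metadataViewer
roles/certificatemanager.viewer roles/billing.viewer roles/billing.budgets.viewer
roles/cloudbuild.builds.viewer roles/cloudfunctions.viewer roles/cloudkms.viewer
roles/composer.environmentAndStorageObjectViewer roles/datacatalog.viewer
roles/dataflow.viewer roles/dataproc.viewer roles/dns.reader
roles/iam.roleViewer roles/iam.serviceAccountViewer
roles/iam.workloadIdentityPoolViewer roles/redis.viewer
roles/storage.objectViewer roles/workflows.viewer
""".split())


def audit_policy(policy: dict, member: str) -> dict:
    """Compare the roles bound to `member` in a project IAM policy with EXPECTED_ROLES."""
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        # A conditional binding only applies while its expression holds,
        # so it is tracked separately from unconditional grants.
        (conditional if "condition" in binding else granted).add(binding["role"])
    return {
        "missing": sorted(EXPECTED_ROLES - granted - conditional),      # coverage gaps
        "unexpected": sorted((granted | conditional) - EXPECTED_ROLES),  # beyond the page's list
        "conditional": sorted(conditional),
    }


# Constructed sample policy (hypothetical project and members).
SAMPLE_MEMBER = "serviceAccount:anyshift-readonly@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/viewer", "members": [SAMPLE_MEMBER, "user:alice@example.com"]},
    {"role": "roles/dns.reader", "members": [SAMPLE_MEMBER]},
    {"role": "roles/editor", "members": [SAMPLE_MEMBER]},
    {"role": "roles/cloudkms.viewer", "members": ["user:alice@example.com"]},
    {"role": "roles/storage.objectViewer", "members": [SAMPLE_MEMBER],
     "condition": {"title": "expires",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
]}

if __name__ == "__main__":
    import json
    print(json.dumps(audit_policy(SAMPLE_POLICY, SAMPLE_MEMBER), indent=2))
```

An empty `unexpected` list means the account holds nothing beyond the roles on this page; entries under `missing` correspond to services Anyshift will not be able to scan.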