Creating a Google Cloud service account key

A service account is required to migrate and run the IoT Core service. These instructions allow you to create a service account with the necessary permissions:

1. Select your desired project area.

2. Open the IAM & Admin Cloud services from the flyout menu.

3. Select Service Accounts in the left menu.

4. Click CREATE SERVICE ACCOUNT from the top menu bar.

5. Complete the account details.

a. Service Account Name: ClearBlade IoT Core Service Account

b. Account description: This account is used by ClearBlade IoT Core service to flow MQTT-based device message data into the Google Pub/Sub offering. It additionally integrates with Cloud Logging and Cloud Monitoring services.

c. Click CREATE AND CONTINUE.

6. Grant these roles to the service account:

a. IoT Viewer: This role is needed to migrate IoT Core registries only. It can be removed once the migration is completed.

b. Pub/Sub Editor:

i. This role is needed to allow ClearBlade IoT Core to publish messages into Google Cloud Pub/Sub topics. This role is needed for normal operations.

ii. This role is needed to allow the ClearBlade IoT Core console to browse and create new topics in Google Pub/Sub to send events and status updates. This role is needed for normal operations.

c. Logs Writer: This role is required for ClearBlade IoT Core to send data directly into the Google Cloud Logging service. This role is needed for normal operations.

d. Monitoring Metric Writer: This role is required for ClearBlade IoT Core to send metrics into the Google Cloud Monitoring service. This role is needed for normal operations.

e. Monitoring Viewer: This role is required for ClearBlade IoT Core to view metrics in the Google Cloud Monitoring service. This role is needed for normal operations.

7. Click CONTINUE.

image-20240131-184802.png

8. Leave the field to grant users access to the service account blank.

9. Click DONE to complete the service account creation.

10. Select the newly created account by clicking the email hyperlink.

11. On the Service Account Page, select KEYS from the top button bar.

12. Click ADD KEY → Create new key.

13. Choose JSON as the key type and click CREATE.

14. A new .json key file is downloaded to your device.