Set up your Backup storage bucket in Google Cloud Storage

This method uses a PowerShell script to automate the creation of the Project, Service Account, and Bucket. It is faster and less error-prone than the manual process.

Requirements

• An account in Google Cloud with "Owner" or Project Creator permissions.
• A Windows machine with PowerShell (Run as Administrator).
• A browser window authenticated into your Google Cloud tenant (this must be the most recent tab used).

Procedure

1. Install SDK: Install the Google Cloud SDK using the official instructions provided here.

2. Initialize: Open PowerShell and ensure the SDK is initialized by running the command:

   gcloud init

3. Download Script: Download the GCP_Storage_Configuration.ps1 file.
   • Tip: Save this to an accessible folder, such as your Downloads folder.
4. Run PowerShell as Admin: Search for "Windows PowerShell" in your start menu, right-click, and select Run as Administrator.

5. Navigate to Script: Use the CD command to navigate to the folder where you saved the script.

   CD C:\Users\(your name)\Downloads

6. Execute: Run the script by entering:

   .\GCP_Storage_Configuration.ps1

7. Enter Configuration Details: The script will prompt you for the following inputs:
   • Project ID: Enter a unique ID (lowercase letters, digits, or hyphens only).
   • Service Account ID: Enter a unique name (can match Project ID).
   • Region: Enter a supported region (e.g., us-central1 or europe-west1).
   • BucketName: Enter a unique DNS-compliant name (e.g., backup-yourcompany-2024).
8. Finalize:
   • (Optional) Add a KeyName if using KMS encryption.
   • (Optional) Set StorageClass (Default is usually Standard).
   • (Optional) Set ServiceAccountKeyType (Type json).
   • Set Output Path for the JSON key file (Default is $Home\GCPConfig).

If you cannot run PowerShell scripts, follow these steps to manually configure your environment in the Google Cloud Console.

Step 1: Create the Service Account Key

1. Navigate to the Google Cloud Console.
2. Ensure your desired Project is selected in the top dropdown menu.
3. Go to IAM & Admin Service Accounts.
4. Select an existing service account or create a new one.
5. Click the Keys tab Add Key Create New Key.
6. Select JSON and download the file. 
   Warning: Keep this file confidential. It grants access to your backup data.

Step 2: Create the Bucket

1. Go to Cloud Storage Buckets.
2. Click Create Bucket.
3. Name: Enter a unique name (e.g., starts with backup-).
4. Location: Choose Region and select a supported location (e.g., us-central1).
5. Storage Class: Select Standard or Autoclass.
6. Access Control: Ensure "Enforce public access prevention" is checked.
7. Encryption: Select Google-managed key (unless you have a specific requirement for Customer-managed keys).
8. Click Create.

Step 3: Assign Permissions

You must grant the Service Account permission to manage the bucket.

1. Go to Cloud Storage Buckets and click on your new bucket.
2. Select the Permissions tab.
3. Click Grant Access (or "Add Principal").
4. New Principals: Paste the email address of the Service Account (found in the JSON key file or IAM console).
5. Assign Roles: Add the following two roles:
   • Storage Admin
   • Storage Object Admin
6. Click Save.

Step 4: Monitoring Permissions (Optional)

To allow CloudM to report on storage metrics:

1. Go to IAM & Admin > IAM.
2. Find your Service Account in the list and click the Edit (Pencil) icon.
3. Add the role: Monitoring Viewer.
4. Click Save.