Skip to main content

Google Cloud Platform

This section provides information to help you prepare your Azure Account to be used with CxLink Backup. Ensure that you have the proper permissions to create or adapt the desired resources to the cxlink backup requirements.

Topics

Overview

CxLink Backup will connect to Azure Storage Blob to store the backup objects. The instance where the database is running will need granted access to the proper resources.

Create a Cloud Storage bucket for backups

To create a Cloud Storage bucket, use the Google Cloud console:

  • Open the Cloud Storage browser in Google Cloud console.

  • Click Create Bucket.

  • Name your bucket and click Continue.

  • Follow the prompts to set up your bucket.

  • Click Create.

  • To configure bucket permissions, click the permissions tab. By default, as owner of the bucket, you have read-write access to the bucket. You can also allow other principals to access your bucket.

To create a service account for the CxLink Backup agent:

  • In the Google Cloud console, go to the Service accounts page.

  • Select your Google Cloud project.

  • Click Create Service Account.

  • Enter a name for the service account.

  • Click Create and Continue.

  • In the Service account permissions section, grant the following roles to the service account:

    • cloudkms.cryptoKeyVersions.useToDecrypt
    • cloudkms.cryptoKeyVersions.useToEncrypt
    • cloudkms.cryptoKeyVersions.useToSign
    • cloudkms.cryptoKeyVersions.useToVerify
    • cloudkms.cryptoKeyVersions.viewPublicKey
    • cloudkms.locations.get
    • cloudkms.locations.list
    • storage.buckets.get
    • storage.buckets.list
    • storage.multipartUploads.abort
    • storage.multipartUploads.create
    • storage.multipartUploads.list
    • storage.multipartUploads.listParts
    • storage.objects.create
    • storage.objects.delete
    • storage.objects.get
    • storage.objects.getIamPolicy
    • storage.objects.list
    • storage.objects.update

  • Click Done.

  • On the Service accounts page in the Google Cloud console, click the email address of the service account that you just created.

  • Under the service account name, click the Keys tab.

  • Click the Add Key drop-down menu, and then select Create new key to create a service account key.

  • Accept JSON as the key type and click Create. A private key is saved to your computer.

  • Keep this key secure for later usage.

Grant the service account permission to use the Cloud Storage bucket

Update your Cloud Storage bucket to grant the service account permission to use the bucket:

  • Open the Cloud Storage browser in Google Cloud console.

  • Click on your bucket name in the Cloud Storage browser.

  • Click the Permissions tab.

  • Click Add principals.

  • In the New principals field, enter the full email address of the service account.

    For example: cxlink-backup@cxlink.iam.gserviceaccount.com

  • Click on the Select a role drop down and enter Storage Object Admin.

  • Click Save.