
I would like to set up some shared services (e.g. neo4j, MongoDB, and Kafka) in GCP. These services would be used by various applications (separate GCP projects). The services would not be publicly accessible; they should only be network accessible from our other GCP projects in our account. Each application would have a separate database.

My idea is to set up the services within a standalone project (e.g. managed-services-prod, managed-services-test), etc. What would be the best way for the applications to access the shared services using GCP?

  • when you say 'from the GCP other projects', do you mean other projects within the same organization or other unrelated projects? Commented Mar 17, 2021 at 13:07
  • Other projects in our Google account. We don't use organisations as we don't have GSuite or Cloud Identity. Commented Mar 17, 2021 at 13:49
  • tbh Google recommends creating an organization. It will be much easier to manage all these projects from a security and access point of view, and some of the features might require an organization node. cloud.google.com/docs/enterprise/… Commented Mar 17, 2021 at 14:03
  • To answer your question, creating service accounts for access is one of the best practices. Commented Mar 17, 2021 at 14:06
  • Can you use a service account to access a database through a client library (e.g. Java app -> neo4j)? I would have thought it would be more like VPC network access or something? Commented Mar 17, 2021 at 15:37

1 Answer

Recapping for better visibility:

  1. Google recommends creating an organization to manage multiple projects.
  2. You can create a Service Account and grant it access to resources in a different project:

         # Grant PROJECT_2's App Engine default service account a role on PROJECT_1
         gcloud projects add-iam-policy-binding "$PROJECT_1" \
           --member="serviceAccount:${PROJECT_2}@appspot.gserviceaccount.com" \
           --role=roles/cloudbuild.builds.viewer

You can find more info here.
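
An added example, not part of the original answer: once bindings like the one above exist, a short audit of the shared project's IAM policy shows which service accounts from other projects hold roles on it and whether any of those roles is a broad basic role. The policy, project IDs and account names are constructed; the input shape follows the `bindings`/`role`/`members` JSON returned by `gcloud projects get-iam-policy`.

```python
import re

# Basic roles apply project-wide, so they are too broad for a foreign service account.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# E-mail formats that embed the owning project ID (project-number forms are skipped).
SA_PATTERNS = [
    re.compile(r"^(?P<project>[a-z][a-z0-9-]+)@appspot\.gserviceaccount\.com$"),
    re.compile(r"^[a-z0-9-]+@(?P<project>[a-z][a-z0-9-]+)\.iam\.gserviceaccount\.com$"),
]


def owning_project(member):
    """Return the project ID embedded in a serviceAccount member, else None."""
    kind, _, email = member.partition(":")
    if kind != "serviceAccount":
        return None
    for pattern in SA_PATTERNS:
        match = pattern.match(email)
        if match:
            return match.group("project")
    return None


def cross_project_bindings(policy, host_project):
    """Return sorted (role, member, project, is_basic) for foreign service accounts."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            project = owning_project(member)
            if project and project != host_project:
                findings.append((role, member, project, role in BASIC_ROLES))
    return sorted(findings)


# Constructed sample shaped like `gcloud projects get-iam-policy --format=json` output.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/cloudbuild.builds.viewer",
     "members": ["serviceAccount:app-one-prod@appspot.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:deployer@app-two-prod.iam.gserviceaccount.com",
                 "serviceAccount:local@managed-services-prod.iam.gserviceaccount.com"]},
    {"role": "roles/viewer", "members": ["user:admin@example.com"]},
]}

if __name__ == "__main__":
    for finding in cross_project_bindings(SAMPLE_POLICY, "managed-services-prod"):
        print("BROAD" if finding[3] else "ok   ", *finding[:3])
```

Entries marked BROAD are the ones to replace with a narrower predefined or custom role.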
