Hightouch's Google Cloud integration powers several features:
- self-hosted storage via GCS
- the BigQuery source
- the Google Cloud Storage source
- the Google Cloud Storage destination
To give Hightouch access to resources on your GCP account, go to the Cloud providers tab on the Settings page. Click Add cloud provider, and select Google Cloud Platform.
Give your credential a Display name, then select either Service account managed by Hightouch or Bring your own service account.
When using the managed service account access type, Hightouch creates a service account within our secure Google Cloud account, to which you can bind your project's IAM policies. IAM policies grant permissions within your Google Cloud project.
When you click Create a new service account, Hightouch generates a new service account in our project. The service account is unique to your workspace and this credential. You can then copy the service account email and click Create to confirm the service account creation.
Next, you need to bind IAM roles to this service account by calling
gcloud projects add-iam-policy-binding via the Google Cloud CLI. The specific roles you grant depend on the types of resources you want to grant Hightouch access to, such as Cloud Storage or BigQuery. Consult the relevant docs for more information on the specific permissions Hightouch needs.
When you Bring your own service account you upload your service account's key, which Hightouch securely stores.
First, you need to create a service account, grant it the relevant roles, and generate a key. Make sure you create JSON key, not P12. Once the service account and key have been created, download the key to your machine and drag and drop it into the file selector.
Hightouch then parses the key, and if it's valid, you see the Client ID and Client Email fields populated. If those correspond with your intended service account, click Create.
Make sure the service account you attached has the specific roles you need. These permissions depend on the types of resources you want to grant Hightouch access to, such as Cloud Storage or BigQuery. Consult the relevant docs for more information on the specific permissions Hightouch needs.
Once you've set up your Google Cloud credentials in Hightouch, you can now use them throughout the app, for example for external storage, the BigQuery and GCS sources, and other Google Cloud integrations like Google Ad Manager.
Regardless of whether you use a managed service account or being your own, ensure it has required permissions. Consult the relevant docs for more information on the specific permissions Hightouch needs.