GCP

connect from resolve ai to google cloud observability to give the agent access to logs to be used in investigations resolve ai supports two authentication methods for gcp pick one service account key — paste a gcp service account private key json simplest to set up workload identity federation (wif) — aws→gcp federation resolve ai authenticates to your gcp project using its aws identity, so no long lived private key is stored recommended if your security posture discourages static service account keys prerequisite you will need permissions in google cloud console to create a service account (for option 1) or a workload identity pool (for option 2), and in resolve ai to create an integration 1\ in google cloud, set up authentication in google cloud console open the service account page https //console cloud google com/iam admin/serviceaccounts/create add the following role for logs roles/logging viewer create a private key of type json , and copy it to use in the next step with wif, resolve ai's workload (running on aws) authenticates to your gcp project directly — nothing is stored on the resolve ai side except the federation config json and your project id in google cloud console, open iam & admin → workload identity federation https //console cloud google com/iam admin/workload identity pools create a workload identity pool (or reuse an existing one) add an aws provider to the pool contact resolve ai support to get the specific aws account id and iam role arn that the provider should trust — that's the identity resolve ai's workload uses to authenticate create or choose a gcp service account that resolve ai will impersonate, and grant it roles/logging viewer on the projects/folders/orgs whose logs you want to expose grant the workload identity pool principal the roles/iam workloadidentityuser role on that service account, so the federated aws identity is allowed to impersonate it from the pool's provider page, click download config to get the federation credential json (it will have "type" "external account" ) keep it — you'll paste it into resolve ai in the next step note your gcp project id — you'll need it too 2\ in resolve ai, add integration open resolve ai at https //app0 resolve ai open integrations for your organization at https //app0 resolve ai/integrations click https //app0 resolve ai/integrations/gcp/connect from the list click add connection at the top right give the integration a name, ex gcp prod add one or more resource names — the log containers to search examples projects/project id , folders/folder id , organizations/org id , or a specific log bucket view list the environments, ex production and staging choose an authentication method service account key — paste the whole private key json from option 1 into the service account key json field workload identity federation — paste the federation config json from option 2 into the workload identity config json field, and enter your project id click save