mirror of https://github.com/trailofbits/algo
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1.8 KiB
1.8 KiB
Google Cloud Platform setup
Follow the installation instructions to have the CLI commands to interact with Google.
After creating an account and installing, login in on your account using gcloud init
Creating a project
The recommendation on GCP is to group resources on Projets, so we will create one project to put our VPN server and service account restricted to it.
## Create the project to group the resources
### You might need to change it to have a global unique project id
PROJECT_ID=${USER}-algo-vpn
BILLING_ID="$(gcloud beta billing accounts list --format="value(ACCOUNT_ID)")"
gcloud projects create ${PROJECT_ID} --name algo-vpn --set-as-default
gcloud beta billing projects link ${PROJECT_ID} --billing-account ${BILLING_ID}
## Create an account that have access to the VPN
gcloud iam service-accounts create algo-vpn --display-name "Algo VPN"
gcloud iam service-accounts keys create configs/gce.json \
--iam-account algo-vpn@${PROJECT_ID}.iam.gserviceaccount.com
gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member serviceAccount:algo-vpn@${PROJECT_ID}.iam.gserviceaccount.com \
--role roles/compute.admin
gcloud projects add-iam-policy-binding ${PROJECT_ID} \
--member serviceAccount:algo-vpn@${PROJECT_ID}.iam.gserviceaccount.com \
--role roles/iam.serviceAccountUser
## Enable the services
gcloud services enable compute.googleapis.com
./algo -e "provider=gce" -e "gce_credentials_file=$(pwd)/configs/gce.json"
Attention: take care of the configs/gce.json file, which contains the credentials to manage your Google Cloud account, including create and delete servers on this project.
There are more advanced arguments available for deploynment using ansible