ScyllaDB University Live | Free Virtual Training Event
Learn more
ScyllaDB Documentation Logo Documentation
  • Server
  • Cloud
  • Tools
    • ScyllaDB Manager
    • ScyllaDB Monitoring Stack
    • ScyllaDB Operator
  • Drivers
    • CQL Drivers
    • DynamoDB Drivers
  • Resources
    • ScyllaDB University
    • Community Forum
    • Tutorials
Download
ScyllaDB Docs ScyllaDB Cloud Deployment Deploy ScyllaDB to Your Own Cloud Account - GCP

Deploy ScyllaDB to Your Own Cloud Account - GCP¶

Available with the Professional plan and above

When you select Google Cloud Platform as your cloud provider when creating a cluster, your cluster is deployed by default under the ScyllaDB GCP account. As an alternative, you can deploy the ScyllaDB Cloud database into your own GCP account—a model referred to as Bring Your Own Account (BYOA).

This article will guide you through the process of integrating your GCP account with ScyllaDB Cloud.

Caution

ScyllaDB Cloud creates resources within your account and assumes exclusive management of those resources.

If you modify any infrastructure components managed by ScyllaDB Cloud, we cannot guarantee that the service will continue to operate as expected. This includes modifications to security groups, permissions associated with the ScyllaDB role, or other restrictions that could disrupt ScyllaDB Cloud’s ability to manage the necessary resources. Such changes may affect our ability to uphold service commitments within your account.

To avoid service disruptions, please consult our support team before making any changes to ScyllaDB-managed resources.

Prerequisites¶

Verify that the recommended limits are set for your GCP account.

  • GCP Account Limits

  • GCP Role Permissions

Linking Your GCP Account with ScyllaDB Cloud¶

Before you provision a cluster in your GCP account, you must link that account with ScyllaDB Cloud.

To make linking easier, we will provide you with a terraform template. You will need terraform and GCP permissions to grant all required permissions.

A wizard will guide you through the process.

  1. Go to Managed Resources via the drop-down in the top right corner next to your username.

  2. Open the Bring Your Own Account tab.

  3. Click Add Account to open the Add Cloud Account wizard.

  4. Choose your Google Cloud Platform from the Provider drop-down.

  5. In the Project ID field, specify your project ID.

    You can copy your project ID from the Google Cloud Console.

    ../_images/byoa-gcp-id-console.png
  6. Click Generate Template to generate a Terraform template that includes all files required for provisioning the cloud resources.

  7. Click Next to open a screen displaying further instructions and the Cloud Resource Template Secret that will be required while applying the Terraform template.

    ../_images/byoa-gcp-pop-up.png
  8. Click Download template to download the Terraform template (a ZIP archive).

  9. Unzip the archive.

  10. In a terminal, navigate to the unzipped directory and run the following terraform commands to set up the account.

    • To initialize Terraform:

      terraform init
      
    • To dry run:

      terraform plan
      
    • To apply the changes:

      terraform apply
      

    When running terraform init and terraform plan, you will be prompted to enter the Cloud Resource Template Secret:

    ../_images/byoa-gcp-secret-prompt.png

    Copy and paste the Cloud Resource Template Secret from the wizard:

    ../_images/byoa-gcp-secret-copy.png
  11. Go back to the wizard and click Verify to verify that your GCP account has been set up correctly.

Once verified successfully, your GCP account is ready to be used for the deployment of ScyllaDB clusters—choose the Your GCP Account option during cluster creation.

Reviewing and Managing Your Accounts¶

To review the list of your accounts linked with ScyllaDB Cloud, go to Managed Resources via the drop-down and open the Bring Your Own Account tab.

It will display the following information:

  • Account Name - The name of your account.

  • Provider - Your cloud provider name.

  • Date Added - The date when the account was added to ScyllaDB Cloud.

  • Status - The status of the account in ScyllaDB Cloud:

    • Available - The account is added to ScyllaDB Cloud and verified. You can use it when creating a new cluster.

    • Pending Action - The account has not been provisioned. You can click Resume to finalize your account.

    • In Use - The account is in use by an existing cluster. You can click the Cluster Name link next to the status to view the information about the cluster.

    • Deleted - The account has been deleted and cannot be re-used.

You can use the trash icon to delete any account that is not in use.

GCP Account Limits¶

To ensure that you don’t exceed your GCP account quota, we suggest setting a specific quota for the resources that ScyllaDB Cloud will use. Please note that the recommended limits should be considered in addition to your current resource allocation.

Service Name

Quota Name

Recommended Value

Compute Engine API

VPC networks per project

5

Compute Engine API

Networks

20

Compute Engine API

Firewall Rules

200

Compute Engine API

VM instances

20

Compute Engine API

CPUs

10000 (the default is 30000)

Compute Engine API

Local SSD (GB)

10000 (the default is 30000)

Compute Engine API

Static external IP addresses per project

20

GCP BYOA Role Permissions¶

This section lists the permissions that ScyllaDB Cloud role requires to deploy and manage your clusters in your GCP account.

Category

Permision

Addresses

  • compute.addresses.create

  • compute.addresses.delete

  • compute.addresses.get

  • compute.addresses.list

  • compute.addresses.setLabels

  • compute.addresses.use

Disks

  • compute.disks.create

  • compute.disks.get

  • compute.disks.resize

  • compute.disks.setLabels

Firewall Policies & Rules

  • compute.firewallPolicies.create

  • compute.firewallPolicies.delete

  • compute.firewallPolicies.get

  • compute.firewallPolicies.list

  • compute.firewalls.create

  • compute.firewalls.delete

  • compute.firewalls.get

  • compute.firewalls.list

  • compute.firewalls.update

Instances (VMs)

  • compute.instances.addAccessConfig

  • compute.instances.create

  • compute.instances.delete

  • compute.instances.detachDisk

  • compute.instances.get

  • compute.instances.list

  • compute.instances.reset

  • compute.instances.setLabels

  • compute.instances.setMachineType

  • compute.instances.setMetadata

  • compute.instances.setTags

  • compute.instances.setServiceAccount

  • compute.instances.stop

Machine Types

  • compute.machineTypes.get

  • compute.machineTypes.list

Networks & Routing

  • compute.networks.addPeering

  • compute.networks.create

  • compute.networks.get

  • compute.networks.removePeering

  • compute.networks.updatePolicy

  • compute.routes.create

  • compute.routes.delete

  • compute.routes.list

Subnetworks

  • compute.subnetworks.create

  • compute.subnetworks.delete

  • compute.subnetworks.list

  • compute.subnetworks.setPrivateIpGoogleAccess

  • compute.subnetworks.use

  • compute.subnetworks.useExternalIp

Operations

  • compute.globalOperations.get

  • compute.globalOperations.list

  • compute.regionOperations.get

  • compute.regionOperations.list

  • compute.zoneOperations.get

  • compute.zoneOperations.list

Regions & Zones

  • compute.regions.get

  • compute.zones.list

Projects (Compute-scoped)

  • compute.projects.get

Category

Permision

Roles

  • iam.roles.get

  • iam.roles.list

Service Accounts

  • iam.serviceAccounts.actAs

  • iam.serviceAccounts.create

  • iam.serviceAccounts.createTagBinding

  • iam.serviceAccounts.delete

  • iam.serviceAccounts.deleteTagBinding

  • iam.serviceAccounts.disable

  • iam.serviceAccounts.enable

  • iam.serviceAccounts.get

  • iam.serviceAccounts.getIamPolicy

  • iam.serviceAccounts.list

  • iam.serviceAccounts.listEffectiveTags

  • iam.serviceAccounts.listTagBindings

  • iam.serviceAccounts.setIamPolicy

  • iam.serviceAccounts.undelete

  • iam.serviceAccounts.update

Service Account Keys

  • iam.serviceAccountKeys.create

  • iam.serviceAccountKeys.delete

Category

Permision

Buckets

  • storage.buckets.create

  • storage.buckets.delete

  • storage.buckets.get

  • storage.buckets.getIamPolicy

  • storage.buckets.list

  • storage.buckets.setIamPolicy

  • storage.buckets.update

Objects

  • storage.objects.delete

  • storage.objects.list

Was this page helpful?

PREVIOUS
Deploy ScyllaDB to Your Own Cloud Account - AWS
NEXT
Terraform Provider for ScyllaDB Cloud
  • Create an issue

On this page

  • Deploy ScyllaDB to Your Own Cloud Account - GCP
    • Prerequisites
    • Linking Your GCP Account with ScyllaDB Cloud
    • Reviewing and Managing Your Accounts
    • GCP Account Limits
    • GCP BYOA Role Permissions
ScyllaDB Cloud
  • New to ScyllaDB? Start here!
  • Quick Start Guide to ScyllaDB Cloud
  • About ScyllaDB Cloud as a Service
    • Benefits
    • Backups
    • Best Practices
    • Managing ScyllaDB Versions
    • Support, Alerts, and SLA Commitments
    • Costs
  • Deployment
    • Cloud Providers
    • Cluster Types
    • Bring Your Own Account (BYOA) - AWS
    • Bring Your Own Account (BYOA) - GCP
    • Terraform Provider
  • Cluster Connections
    • Configure AWS Transit Gateway (TGW) VPC Attachment Connection
    • Configure Virtual Private Cloud (VPC) Peering with AWS
    • Configure Virtual Private Cloud (VPC) Peering with GCP
    • Migrating Cluster Connection
    • Checking Cluster Availability
    • Glossary for Cluster Connections
  • Access Management
    • SAML Single Sign-On (SSO)
    • User Management
  • Managing Clusters
    • Scaling a Cluster
    • Deleting a Cluster
    • Maintenance Windows
    • Email Notifications
    • Usage
  • Using ScyllaDB
    • Apache Cassandra Query Language (CQL)
    • ScyllaDB Drivers
    • Tracing
    • Role Based Access Control (RBAC)
    • ScyllaDB Integrations
  • Monitoring
    • Monitoring Clusters
    • Extracting Cluster Metrics in Prometheus Format
  • Security
    • Security Best Practices
    • Security Concepts
    • Database-level Encryption
    • Storage-level Encryption
    • Data Privacy and Compliance
  • Free Trial
  • Tutorials
  • API Documentation
    • Create a Personal Token for Authentication
    • Terraform Provider for ScyllaDB Cloud
    • API Reference
    • Error Codes
  • Getting Help
    • ScyllaDB Cloud FAQ
Docs Tutorials University Contact Us About Us
© 2025, ScyllaDB. All rights reserved. | Terms of Service | Privacy Policy | ScyllaDB, and ScyllaDB Cloud, are registered trademarks of ScyllaDB, Inc.
Last updated on 20 Jun 2025.
Powered by Sphinx 7.4.7 & ScyllaDB Theme 1.8.6
Ask AI