Global Read-only permissions (for pulling Inventory from all Projects)

We just starting to you GCP, and we would like to have ability to export/ have a list all our Compute resources, so they could be used for Inventory purposes (imported into Netbox).

I don't have yet a lot of experience and it's hard to understand how to achieve this goal. So far we created user account (inventory@example.com), and tried to understand how to grant permissions (and which ones). We tried to add our user account (inventory@example.com) manually as Viewer in Projects, but it's manual work and not efficient.

I see that there is "Asset inventory", but it's not clear to me if it could be used to "Pull" inventory data from outside (we use mainly AWS, and we have there "Netbox" deployed).

Or we should use "Service Accounts", but when i navigate to this menu i see next: "Page not viewable for organizations. To view this page, select a project".

I'm confused a little bit. Any advices are welcomed :-) Thank you.

It does not matter whether you use a Service Account or inventory@example.com, the account just need to have the correct permissions. You are getting a "Page not viewable for organizations. To view this page, select a project". error because a service account is tied to a project. If you do not specify a project in which you want to view or create Service Accounts, it won't work.

As for your other question regarding Cloud Asset Inventory, I do not think it can pull data from AWS or from outside in general. At least the docs do not suggest it. The public documentation is available here .

If you have all your projects under the same organization you can specify the organization as the scope of the query and Cloud Asset Inventory will show all resources in the projects under the selected organization. Read more about this here.

In this case an example query would be:

gcloud asset search-all-resources --scope organizations/123456