> ## Documentation Index
> Fetch the complete documentation index at: https://docs.leap.new/llms.txt
> Use this file to discover all available pages before exploring further.

# Connect Google Cloud Account

> Deploy your Leap application to your own GCP account through Encore Cloud

Connect your Google Cloud Platform account to Encore Cloud to deploy your Leap application directly to your own GCP infrastructure. Encore provides a dedicated GCP Service Account for your application and guides you through the setup process.

## Prerequisites

<Steps>
  <Step title="GCP Organization Access">
    * Access to a GCP Organization account
    * **Organization Policy Administrator** role (required for setup)
    * Billing enabled on your GCP project
    * Understanding of which GCP region you want to deploy to
  </Step>

  <Step title="Leap Application Ready">
    * Your application built and tested with Leap
    * Preview environment validated and working
    * Ready to deploy to production infrastructure
  </Step>
</Steps>

## Connection Process

<Steps>
  <Step title="Access the Connect Cloud page">
    In your Leap project:

    1. Go to the [Encore Cloud dashboard](https://app.encore.cloud/)
    2. Select your application
    3. Navigate to **App Settings** → **Integrations** → **Connect Cloud**
    4. Select **Google Cloud Platform (GCP)**
  </Step>

  <Step title="Get your App's Service Account">
    Encore Cloud provides a unique GCP Service Account for your application:

    * Find your app's Service Account email on the Connect Cloud page
    * Copy this email address - you'll need it for the next steps
    * This Service Account will be used by Encore to provision infrastructure
  </Step>

  <Step title="Configure Domain Restricted Sharing">
    Update your GCP Organization's domain restricted sharing policy:

    * Add Encore Cloud to your allowed domains list
    * Follow the specific instructions provided on the Connect Cloud page
    * This allows Encore's Service Account to access your organization

    <Warning>
      **Permission required**: You need the **Organization Policy Administrator** role to modify this policy.
    </Warning>
  </Step>

  <Step title="Grant Access to Encore Service Account">
    Provide the necessary permissions to Encore's Service Account:

    * Use the Service Account email from step 2
    * Follow the detailed permission instructions on the Connect Cloud page
    * Grant access to provision infrastructure in your GCP project
  </Step>
</Steps>

## Required Permissions

<AccordionGroup>
  <Accordion title="Organization Policy Administrator Role">
    **Required for initial setup**

    If you don't have the Organization Policy Administrator role:

    1. Ask your GCP Organization Administrator to grant you the role
    2. Alternatively, have them complete the domain restriction setup for you

    **If you are a GCP Organization Administrator:**

    1. Go to the [IAM & Admin page](https://console.cloud.google.com/iam-admin/iam) in GCP Console
    2. Find your user account in the members list
    3. Click the pencil icon to edit your account
    4. Add the **Organization Policy Administrator** role
    5. Click Save
  </Accordion>

  <Accordion title="Service Account Permissions">
    **Infrastructure provisioning permissions**

    The Encore Service Account needs permissions to:

    * Create and manage compute resources
    * Provision managed database services
    * Configure networking and security
    * Set up monitoring and logging
    * Manage IAM roles for your application

    Specific permissions will be detailed in the Connect Cloud setup instructions.
  </Accordion>
</AccordionGroup>

## What Gets Deployed

When you deploy to your GCP account through Encore Cloud, the following infrastructure is automatically provisioned:

<CardGroup cols={2}>
  <Card title="Compute & Networking" icon="server">
    **Cloud-native application hosting**

    * Google Cloud Run or Compute Engine services
    * Load balancing and auto-scaling
    * VPC and firewall configuration
    * SSL certificates and domain management
  </Card>

  <Card title="Data & Storage" icon="database">
    **Managed database and storage**

    * Cloud SQL for managed databases
    * Cloud Storage for application assets
    * Automated backups and maintenance
    * Security and access controls
  </Card>

  <Card title="Security & Identity" icon="shield">
    **Enterprise security configuration**

    * IAM roles and service accounts
    * Security policies and firewall rules
    * Encryption at rest and in transit
    * Network isolation and access controls
  </Card>

  <Card title="Monitoring & Operations" icon="chart-line">
    **Observability and management**

    * Cloud Monitoring integration
    * Cloud Logging for centralized logs
    * Integration with Encore's monitoring
    * Performance tracking and alerting
  </Card>
</CardGroup>

## Managing Multiple GCP Accounts

<Tabs>
  <Tab title="Account Selection">
    **Working with multiple GCP accounts**

    If you have access to multiple GCP accounts:

    * Ensure you're logged in with the correct account
    * Verify the correct organization is selected in GCP Console
    * Double-check you're modifying policies for the right organization
    * Use the account switcher in GCP Console if needed
  </Tab>

  <Tab title="Organization Structure">
    **Understanding GCP organization hierarchy**

    * **Organization**: Top-level container for all GCP resources
    * **Folders**: Optional grouping for projects (if used)
    * **Projects**: Where your actual resources will be deployed
    * **Resources**: The infrastructure Encore provisions
  </Tab>
</Tabs>

## Troubleshooting Common Issues

<AccordionGroup>
  <Accordion title="Cannot access/edit Domain Restricted Sharing policy">
    **Missing Organization Policy Administrator role**

    **Problem**: You can't access or modify the Domain restricted sharing policy

    **Solution**:

    * You need the **Organization Policy Administrator** role
    * Ask your GCP Organization Administrator to grant you this role
    * Alternatively, have them complete the setup for you
    * Follow the role assignment steps in the permissions section above
  </Accordion>

  <Accordion title="Cannot grant access to Encore Service Account">
    **Service Account access issues**

    **Problem**: Unable to grant access to the Encore Cloud service account

    **Possible causes and solutions**:

    * **Domain restriction not configured**: Ensure you've added Encore Cloud to your Domain restricted sharing policy
    * **Wrong GCP account**: Verify you're logged in with the correct account
    * **Wrong organization**: Ensure the correct organization is selected in GCP Console
    * **Multiple accounts**: If using several GCP accounts, make sure you're working with the right one
  </Accordion>

  <Accordion title="Encore Cloud returns 'Could not find Organization ID'">
    **Organization connectivity issues**

    **Problem**: Error message about missing Organization ID

    **Solution**:

    * Verify you've completed all steps in the Connect Cloud page
    * Ensure Encore Cloud has been granted access to your GCP Organization
    * Check that you're logged in with the correct GCP account
    * Confirm the correct organization is selected in GCP Console
    * If using multiple GCP accounts, verify you're working with the intended one
  </Accordion>

  <Accordion title="Permission errors during deployment">
    **Insufficient permissions for infrastructure provisioning**

    **Problem**: Deployment fails due to missing permissions

    **Solution**:

    * Review the permission requirements in the Connect Cloud instructions
    * Ensure the Encore Service Account has all necessary permissions
    * Check GCP audit logs for specific permission denials
    * Verify you're working within the correct GCP project
  </Accordion>
</AccordionGroup>

## After Connection

Once you've successfully connected your GCP account:

<Steps>
  <Step title="Verify Connection">
    * Encore Cloud will test the connection to your GCP account
    * You should see a success confirmation
    * Your GCP account will appear as an available deployment target
  </Step>

  <Step title="Choose Deployment Region">
    Select which GCP region you want for your deployment:

    * Consider latency to your users
    * Review regional service availability
    * Factor in compliance and data residency requirements
    * Consider integration with existing GCP infrastructure
  </Step>

  <Step title="Deploy Your Application">
    * Click **Deploy** in your Leap project
    * Select your GCP environment
    * Monitor the deployment progress in Encore Cloud dashboard
    * First deployment typically takes 10-15 minutes
  </Step>
</Steps>

## Important Notes

<AccordionGroup>
  <Accordion title="Resource Management">
    **Understanding infrastructure lifecycle**

    * Encore Cloud provisions infrastructure in your GCP account
    * Resources are billed directly to your GCP account
    * **Manual approval required** for resource deletion for safety
    * Always approve infrastructure deletion in Encore Cloud dashboard when disconnecting
  </Accordion>

  <Accordion title="Billing and Costs">
    **Managing GCP costs**

    * All infrastructure costs appear in your GCP billing
    * Use GCP's cost management tools to monitor spending
    * Leverage existing GCP committed use discounts
    * Set up billing alerts in your GCP account
  </Accordion>

  <Accordion title="Security and Compliance">
    **Maintaining your security posture**

    * Your data remains in your GCP account at all times
    * Leverage your existing GCP security policies
    * Use Cloud Audit Logs for compliance tracking
    * Implement your organization's security requirements
  </Accordion>
</AccordionGroup>

## Getting Help

If you encounter issues during the GCP connection process:

<CardGroup cols={2}>
  <Card title="Encore Support" icon="life-ring">
    **Direct support channels**

    * Email: [support@encore.dev](mailto:support@encore.dev)
    * [Encore Discord](https://encore.dev/discord) community
    * Detailed instructions in Connect Cloud page
  </Card>

  <Card title="GCP Documentation" icon="book">
    **Additional GCP resources**

    * [GCP IAM Documentation](https://cloud.google.com/iam/docs)
    * [Organization Policy Constraints](https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints)
    * GCP Support for account-specific issues
  </Card>
</CardGroup>

***

<Note>
  **Next steps**: After connecting your GCP account, you can deploy your application by selecting your GCP environment in the deployment options. Monitor the deployment progress through the Encore Cloud dashboard.
</Note>