Connect Google Cloud Platform Account
Connect your GCP account to OEC.sh using secure OAuth authentication.
What You'll Get
After connecting your GCP account, OEC.sh can:
| Capability | What It Enables |
|---|---|
| Compute | Auto-provision Compute Engine VMs for Odoo hosting |
| Storage | Use Cloud Storage (S3-compatible) for backups |
| DNS | Manage Cloud DNS zones for your domains |
Prerequisites
Before you begin, ensure you have:
- Active GCP project (Create one here (opens in a new tab))
- Billing enabled on your project
- Owner or Editor role on the project
- Required APIs enabled (see Enable APIs)
Enable Required APIs
Before connecting, enable these APIs in your GCP project:
- Go to GCP Console (opens in a new tab)
- Select your project
- Go to APIs & Services > Enable APIs and Services
- Enable these APIs:
| API | Purpose | Enable Link |
|---|---|---|
| Compute Engine API | Create/manage VMs | Enable (opens in a new tab) |
| Cloud Resource Manager API | List projects | Enable (opens in a new tab) |
| Cloud Storage API | Manage storage buckets | Enable (opens in a new tab) |
| Cloud DNS API | Manage DNS zones | Enable (opens in a new tab) |
Important: If APIs aren't enabled, you'll get "API not enabled" errors when using OEC.sh features.
Connection Method
GCP uses OAuth 2.0 authentication. You'll authorize OEC.sh to access your GCP resources through Google's secure login.
Step-by-Step Connection
Step 1: Navigate to Cloud Accounts
- Log in to app.oec.sh (opens in a new tab)
- Click Settings in the left sidebar
- Click the Cloud Accounts tab
Step 2: Start Connection
- Click the Add Account button
- Under One-Click Connect (OAuth), find Google Cloud
- Click the Google Cloud card
Step 3: Sign in to Google
A new browser tab opens to Google:
- Sign in with your Google account
- Use an account with project Owner or Editor access
- Select the Google account if prompted
Step 4: Review and Consent
Google shows you what OEC.sh is requesting:
Permissions requested:
- View and manage Compute Engine resources
- View and manage Cloud Storage
- View your GCP projects
Review carefully:
- Verify the app name shows "OEC.sh"
- Confirm the permissions list
- Click Continue (or Allow)
Note: You may see "This app isn't verified" warning. This is normal for new OAuth apps. Click "Advanced" > "Go to OEC.sh (unsafe)" to proceed.
Step 5: Confirm Connection
After authorization:
- Browser redirects back to OEC.sh
- Your GCP account appears in the list
- Status shows Active with a green badge
- Capability badges display: Compute, Storage, DNS
Verify Your Connection
Check Account Status
Your connected account should display:
- Name: "Google Cloud" (you can rename it)
- Status: Active (green)
- Capabilities: Compute, Storage, DNS badges
- Account: Your Google email
Test the Connection
- Find your account in the list
- Click the refresh icon (circular arrow)
- Status should remain "Active"
- If validation fails, see Troubleshooting
What Permissions Does OEC.sh Request?
When you authorize OEC.sh, we request these GCP scopes:
| Scope | Purpose |
|---|---|
https://www.googleapis.com/auth/compute | Create and manage Compute Engine VMs |
https://www.googleapis.com/auth/cloud-platform.read-only | List projects, view resources |
openid, email, profile | Identify your Google account |
We can access:
- Compute Engine instances in your projects
- Cloud Storage buckets and objects
- Cloud DNS zones and records
We never:
- Access Gmail, Drive, or other Google services
- Modify billing settings
- Access resources in projects you don't authorize
GCP Project Requirements
IAM Roles
The Google account used must have these roles on the project:
| Role | Purpose |
|---|---|
roles/compute.admin | Manage Compute Engine VMs |
roles/storage.admin | Manage Cloud Storage |
roles/dns.admin | Manage Cloud DNS |
Or simply:
roles/owner- Full access (for initial setup)roles/editor- Edit access (no IAM management)
Billing
Your project must have billing enabled:
- Go to Billing in GCP Console
- Link a billing account to your project
- Without billing, you cannot create resources
Using Your GCP Account
For Server Provisioning
- Go to Servers > Add Server
- Choose Provision from Cloud
- Select your GCP account
- Choose:
- Project (if multiple)
- Region/Zone (e.g.,
us-central1-a) - Machine Type (e.g.,
e2-medium)
- Click Provision
For Backup Storage
- Go to Settings > Storage
- Click Quick Setup on your GCP account
- Select or create a Cloud Storage bucket
- Configure backup settings
Note: GCP Cloud Storage is S3-compatible via HMAC keys. OEC.sh handles this automatically.
For DNS Management
- Go to Settings > DNS Providers
- Click Quick Setup on your GCP account
- Select a Cloud DNS managed zone
- OEC.sh will manage A records automatically
Managing Your Connection
Refresh Token
OAuth tokens expire periodically. OEC.sh auto-refreshes them, but if issues occur:
- Click the refresh icon on your account
- OEC.sh will attempt token refresh
- Status should update
Reconnect Account
If refresh fails (e.g., password changed, permissions revoked):
- Click the Reconnect button
- Sign in with Google again
- Re-authorize OEC.sh
Disconnect Account
- In OEC.sh: Delete the cloud account
- In Google: Go to Security Settings (opens in a new tab)
- Find and revoke OEC.sh access
Troubleshooting
"This app isn't verified" Warning
Cause: New OAuth apps go through Google's verification process.
Solution:
- Click Advanced (bottom left)
- Click Go to OEC.sh (unsafe)
- Continue with authorization
This is safe - it just means the app is in verification.
"API not enabled" Error
Cause: Required GCP APIs aren't enabled.
Solution:
- Go to GCP Console > APIs & Services
- Enable the missing API (see Enable APIs)
- Wait 1-2 minutes for propagation
- Try again in OEC.sh
"Authorization Denied" Error
Cause: You clicked "Deny" or closed the window.
Solution:
- Click Add Account again
- Complete the authorization flow
- Click Allow when prompted
Account Shows "Expired"
Cause: OAuth tokens expired and couldn't auto-refresh.
Possible reasons:
- Google account password changed
- Two-factor authentication reset
- Revoked access in Google Security settings
Solution:
- Click Reconnect on the account
- Sign in with Google
- Re-authorize OEC.sh
"No projects found" Error
Cause: No projects accessible to your account.
Solution:
- Create a GCP project if you don't have one
- Verify you have Owner/Editor role on at least one project
- Ensure billing is enabled on the project
VM Creation Fails
Cause: Could be quota limits, API issues, or permissions.
Solutions:
- Quotas: Check IAM & Admin > Quotas
- APIs: Ensure Compute Engine API is enabled
- Billing: Verify billing is active
- Region: Try a different zone/region
Storage Bucket Access Denied
Cause: Bucket permissions or organization policies.
Solution:
- Check bucket IAM permissions
- Verify organization policies allow the access
- Ensure storage API is enabled
GCP Regions and Zones
OEC.sh supports major GCP regions:
| Region | Zones | Location |
|---|---|---|
us-central1 | a, b, c, f | Iowa, USA |
us-east1 | b, c, d | South Carolina, USA |
europe-west1 | b, c, d | Belgium |
europe-west4 | a, b, c | Netherlands |
asia-east1 | a, b, c | Taiwan |
asia-southeast1 | a, b, c | Singapore |
Tip: Choose a zone close to your users for best performance.
Cost Considerations
GCP charges for resources created by OEC.sh:
| Resource | Billing |
|---|---|
| Compute Engine VMs | Per-second based on machine type |
| Cloud Storage | Per GB stored + network |
| Cloud DNS | Per zone per month + queries |
| Network Egress | Outbound data charges |
Tips to minimize costs:
- Use preemptible VMs for non-production
- Enable committed use discounts
- Set up Cloud Storage lifecycle rules
- Use
e2-machine types (cost-optimized)
Alternative: Service Account (API Key)
For automated pipelines or if OAuth doesn't work, you can use a service account:
- Go to GCP Console > IAM & Admin > Service Accounts
- Create a service account
- Grant required roles
- Create and download JSON key
- In OEC.sh, use API Key Authentication > Google Cloud
- Paste the JSON key contents
Note: OAuth is preferred as it doesn't require managing key files.