Connect Google Cloud Account
GCP connects via OAuth. Sign in with Google, authorize, and you're set.
Prerequisites
- A GCP project with billing enabled
- Owner or Editor role on the project
- Required APIs enabled (see below)
Enable Required APIs
Before connecting, enable these APIs in your GCP project (APIs & Services > Enable APIs):
| API | Purpose | Direct Link |
|---|---|---|
| Compute Engine API | Create/manage VMs | Enable (opens in a new tab) |
| Cloud Resource Manager API | List projects | Enable (opens in a new tab) |
| Cloud Storage API | Manage buckets | Enable (opens in a new tab) |
| Cloud DNS API | Manage DNS zones | Enable (opens in a new tab) |
If you skip this step, you'll get "API not enabled" errors when trying to use OEC.sh features.
Connect via OAuth
- Go to Settings > Cloud Accounts > Add Account
- Click Google Cloud under One-Click Connect
- Sign in with your Google account
- Review permissions and click Continue
You may see "This app isn't verified" -- this is normal. Click Advanced > Go to OEC.sh (unsafe) to proceed.
The account shows Active with Compute, Storage, and DNS badges.
Permissions Requested
| Scope | Purpose |
|---|---|
compute | Manage Compute Engine VMs |
cloud-platform.read-only | List projects and resources |
openid, email, profile | Identify your account |
Using Your GCP Account
Servers -- Go to Servers > Add Server > Provision from Cloud. Pick project, region/zone (e.g., us-central1-a), and machine type (e.g., e2-medium).
Backups -- Go to Settings > Storage > Quick Setup. Select or create a Cloud Storage bucket. GCP Cloud Storage is S3-compatible via HMAC keys -- OEC.sh handles this automatically.
DNS -- Go to Settings > DNS Providers > Quick Setup. Select a Cloud DNS managed zone.
Regions
| Region | Zones | Location |
|---|---|---|
us-central1 | a, b, c, f | Iowa |
us-east1 | b, c, d | South Carolina |
europe-west1 | b, c, d | Belgium |
europe-west4 | a, b, c | Netherlands |
asia-east1 | a, b, c | Taiwan |
asia-southeast1 | a, b, c | Singapore |
Token Management
Tokens refresh automatically. If the account expires (password change, 2FA reset, or revoked access), click Reconnect and re-authorize.
To fully disconnect: delete the account in OEC.sh, then revoke OEC.sh access in Google Security Settings (opens in a new tab).
Alternative: Service Account Key
If OAuth doesn't work for your setup (e.g., automated pipelines), you can use a service account:
- GCP Console > IAM & Admin > Service Accounts > Create
- Grant
compute.admin,storage.admin,dns.adminroles - Create and download a JSON key
- In OEC.sh, use API Key Authentication > Google Cloud and paste the JSON
OAuth is preferred since there's no key file to manage.
Troubleshooting
"API not enabled" -- Enable the missing API in GCP Console > APIs & Services. Wait a minute, then retry.
"No projects found" -- Create a GCP project, make sure billing is enabled, and verify you have Owner/Editor role.
VM creation fails -- Check quotas (IAM & Admin > Quotas), verify billing is active, and try a different zone.
Account shows "Expired" -- Password or 2FA change invalidated the token. Click Reconnect.
Cost Notes
| Resource | Billing |
|---|---|
| Compute Engine VMs | Per-second based on machine type |
| Cloud Storage | Per GB + network |
| Cloud DNS | Per zone/month + queries |
Use e2- machine types for the best cost efficiency. Preemptible VMs work well for non-production.