Skip to main content

How to deploy your application on Google Cloud


To deploy on Google Cloud, you need to:

  • Have a Google Cloud account.
  • Have the permissions to create a compute resource on a Google project (i.e., You have one of the following roles in your google project: roles/owner, roles/compute.admin, roles/editor).
  • Enable the Compute Engine API and Cloud Resource Manager API in your google project.

To enable an API:

  • Go to: APIs & Services / Library
  • Search for an API (e.g., Compute Engine or Cloud Resource)
  • Click Enable

Fig. Enable Compute Engine API

Step 1. Choose the Google Cloud location

  • Go to: Prepare next deployment / Locations
  • Choose Google Cloud.

Fig. Choose Google Cloud location

Step 2. Authenticate for the first time

  • The first time you deploy an application on Google Cloud, the Cloud Topology Designer redirects you to Google Cloud to loggin.
  • After logging sucessfully, click on the allow button to grant the permissions for the Cloud Topology Designer to manage compute resources on Google Cloud on your behalf.

Fig. Authenticate and grant permissions


By clicking the allow button, you allow the Cloud Topology Design to access the following information:

  1. Read your email address for authentication purpose.
  2. List your Google projects to check if you have the permissions to deploy a VM on a project or not.
  3. Manage compute resources on Google Cloud (e.g., to create and delete a VM).

in particular, the Cloud Topology Designer requests the following OAuth scopes:


You can revoke the permissions any time later.

Step 3. Choose a Google project to deploy

  • Choose one Google project from the dropbox:

Fig. Choose a google project to deploy

  • The Cloud Topology Designer displays the Google projects, which you have the permissions to create a compute resource (i.e., you have one of the followng roles set in the project: roles/owner, roles/compute.admin, roles/editor.
  • If no projects are dislayed, it means you do not have the roles above set in a project. In such a case, ask your Google administrators to assign a role in a Google project for you.

Step 4. Choose a zone and keypair (optional)

You can choose an availability zone and a keypair for your computes as follows:

  • In the matching tab, click on a Compute.
  • Choose a matching image and flavor available from Google Cloud.
  • Choose an availability zone and a keypair from the dropbox.

Fig. Choose a zone and keypair


The default availability zone is europe-west1-c if not set.

  • If the keypair list is empty, you may create your keypair from the Open Telekom Cloud console or from the OpenStack API, and refresh the page.

Step 5. Deploy

  • Go to: Review & deploy / deploy.

Fig. Review and deploy

Revoke access

To manage compute resources on a user behalf, the Cloud Topology Designer receives a refresh token from Google Cloud and encrypts it in a Key Management System. The Cloud Topology Designer can only decrypt the refresh token, when the same user logs in to the Cloud Topology Designer again. It means, without the user loggin, it cannot decrypt the refresh token and thus cannot make any changes to Google Cloud.

To revoke the refresh token completely:

  • Go to: Manage your Google account / Security / Third party apps with account access.
  • Click on Revoke access button.

Fig. Revoke token

After the refresh token is revoked, if you deploy on Google Cloud again, the designer will prompt you to authenticate to Google Cloud again (Repeat step 2).