Before setting up the environment, gather the following details to ensure proper configuration:

• Region & Zones
  • Choose the GCP region where resources will be deployed (e.g., us-central1, europe-west1).
  • Decide on Zones. While Quix supports multiple zones, we generally advise against it to reduce complexity and cost. Additionally, GCP charges for inter-zone traffic, which can become expensive depending on workload patterns.
• Networking & CIDR Ranges
  • Identify any existing Virtual Private Clouds (VPCs) that this environment needs to peer with.
  • Define the primary CIDR range for this environment (e.g., 10.1.0.0/19) that does not overlap with existing networks.

Setup

1. Create a new GCP project through your internal process

   Steps:

   1. Login to your organisation’s GCP console.
   2. Click on dropdown next to Google Cloud (top bar) > New project (top of the popup).
   3. Fill in the required details, give project a descriptive name
   4. Once created, ensure that you have switched to the newly created project by selecting it from the top navigation bar.

2. Set up an IAM role for access

   Steps:

   1. Select IAM in the left menu.
   2. Click +Grant access
   3. New principal is [email protected]
   4. Add following roles:
      1. roles/editor – Grants modification access to most resources.
      2. roles/resourcemanager.projectIamAdmin – Allows IAM policy modifications.
      3. roles/serviceusage.serviceUsageAdmin – Manages API & service enablement.
   5. Click Save.

3. Once project and role are created, send the new project’s id (not the name) to us so we can begin the setup process. Also send us the gathered details asked at the beginning of this guide.

Frequently Asked Questions

Access & Permissions

Q: Can I assign a different role instead of AdministratorAccess? A: No, we require the specified IAM roles to setup up additional IAM roles, manage policies, and networking configurations effectively. Lesser roles may prevent necessary permissions from being assigned.

Q: Do I need to create individual IAM users for each Quix engineer? A: No, you only need to grant access to [email protected] as described in the setup guide. Our internal team will manage access on our side.

Q: Can I remove Quix’s access after the setup is complete? A: You can restrict access after deployment, but without the necessary IAM roles, we can only provide guidance—you’ll need to apply fixes manually. This may affect SLA commitments if an issue requires direct intervention. We recommend keeping at least roles/viewer for monitoring and a Break-Glass role to temporarily restore full permissions if needed.

Networking & Peering

Please see our private networking guide.

Security & Compliance

Q: Does Quix require public internet access? A: No, all required services can be configured to use private endpoints among other options. Incoming connections can remain private, but outgoing traffic requires NAT. Please let us know if this is required.

Q: What if my security team has additional compliance requirements? A: We can accommodate specific security controls. Share your compliance requirements early so we can incorporate them into the setup.