Google Cloud Platform

Steps to Generate Credentials for Google Cloud

  1. Log in to the Google Cloud Console.
  2. Select the project that you want to monitor.
  3. From the left navigation pane, select IAM & admin and then Service Accounts.
  4. Select CREATE SERVICE ACCOUNT.
  5. Fill in the Service Account ID, and then click Create and Continue.
  6. Select the role Basic -> Viewer, and then click Done.
  7. In the rightmost column, click Actions, and then Manage Keys.
  8. Click Add Keypair, and then Create New Key.
  9. Select JSON as your key type and click Create to download the JSON key.

Existing Functionalities

info

Go to API Reference to see the list of APIs.

  1. List all GCP information (POST /api/v1/gcp)
    1. Includes: regions, zones, networks, subnets, firewalls, disks, instances, keypairs, buckets, and clusters
  2. List GCP Compute Engine Resource (POST /api/v1/gcp/ce)
    1. Includes: Regions, Zones, Network, Firewall, Disks, Instances
  3. List GCP Buckets (POST /api/v1/gcp/buckets)
  4. List GCP k8s clusters (POST /api/v1/gcp/k8s)

Required Permissions

warning

Not tested yet.

The following permissions are required:

  • compute.disks.list
  • compute.firewalls.list
  • compute.globalOperations.get
  • compute.instances.list
  • compute.networks.list
  • compute.projects.get
  • compute.regions.list
  • compute.subnetworks.list
  • compute.zones.list
  • iam.serviceAccounts.get
  • storage.buckets.list

Vulnerability Scan Permission

The following permissions are required:

  • compute.firewalls.create
  • compute.firewalls.delete
  • compute.networks.updatePolicy
  • compute.projects.setCommonInstanceMetadata
  • iam.serviceAccounts.actAs

To create a custom role with these permissions, see this page. You can then assign the role to the service account by following this page.
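
The custom-role step above expressed as gcloud commands, as an added example that is not part of the original documentation. The role IDs, titles and file names are assumptions; the two permission lists are copied from this page as written, and the read-only and scan permissions go into separate roles.

```shell
#!/usr/bin/env bash
# Added example: custom-role definitions built from this page's permission lists.
# Role IDs, titles and file names are illustrative assumptions.

# "Required Permissions" list (read-only inventory), copied from the page.
INVENTORY_PERMS="compute.disks.list compute.firewalls.list
compute.globalOperations.get compute.instances.list compute.networks.list
compute.projects.get compute.regions.list compute.subnetworks.list
compute.zones.list iam.serviceAccounts.get storage.buckets.list"

# "Vulnerability Scan Permission" list (write access), copied from the page.
SCAN_PERMS="compute.firewalls.create compute.firewalls.delete
compute.networks.updatePolicy compute.projects.setCommonInstanceMetadata
iam.serviceAccounts.actAs"

# Write a role definition in the YAML layout read by
# `gcloud iam roles create --file`.
# usage: write_role_yaml <title> <outfile> <permission>...
write_role_yaml() {
  title=$1; out=$2; shift 2
  {
    printf 'title: "%s"\n' "$title"
    printf 'stage: GA\n'
    printf 'includedPermissions:\n'
    for p in "$@"; do printf -- '- %s\n' "$p"; done
  } > "$out"
}

# Create both roles and bind them to the service account.
# Needs an authenticated gcloud with rights to manage roles and IAM policy.
# usage: apply_roles <project-id> <service-account-email>
apply_roles() {
  project=$1; sa=$2
  # Unquoted on purpose: each permission becomes its own argument.
  write_role_yaml "Monitor inventory" inventory-role.yaml $INVENTORY_PERMS
  write_role_yaml "Monitor vulnerability scan" scan-role.yaml $SCAN_PERMS
  gcloud iam roles create monitorInventory --project="$project" \
    --file=inventory-role.yaml
  gcloud iam roles create monitorVulnScan --project="$project" \
    --file=scan-role.yaml
  for role in monitorInventory monitorVulnScan; do
    gcloud projects add-iam-policy-binding "$project" \
      --member="serviceAccount:$sa" \
      --role="projects/$project/roles/$role"
  done
}
```

Run `apply_roles <project-id> <service-account-email>` after sourcing the script; omit the scan role and its binding when vulnerability scanning is not used.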