Purpose

This document describes how to create Google Cloud Platform (GCP) credentials.

Introduction

Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally. Alongside a set of management tools, it provides infrastructure as a service, platform as a service, and serverless computing environments.

Configure a GCP Account

To navigate to this section:

  1. Log in to OUTSCAN.
  2. Go to Main Menu > Portal.
  3. Click the Account icon in the upper right corner.
  4. Click Credentials.
  5. Click Add Credentials, and select Google Cloud Platform from the account type drop-down menu to add a new GCP credential.
  6. Add the name of your GCP account.
  7. Upload the access key in JSON format.
  8. Click ADD to create the credential.

To manage your account, refer to Scan Credentials.

Create a GCP Account and Keys - Google Cloud Console

Refer to Create and Manage service accounts to manage IAM service accounts.

Steps to Create a Service Account

  1. Log in to Google Cloud Platform.
  2. Open the Service Accounts page.
  3. Click + CREATE SERVICE ACCOUNT.
  4. Fill in the details and click CREATE.
  5. Add service account permissions and roles to allow a user to manage the service account.

    Note

    The service account created on GCP must have its role set to Project Viewer and nothing else.

Steps to enable GCP API

  1. Open the APIs & Services Dashboard page.

  2. Click + ENABLE APIS AND SERVICES at the top of the dashboard.

  3. Search for the required API (Compute Engine API in this example).

  4. Click the API block, then click the ENABLE button to enable it.


You need to enable the following GCP APIs to be able to run a GCP compliance policy such as "CIS Google Cloud Platform Foundation Benchmark".

  • Compute Engine API
  • Kubernetes Engine API
  • Cloud Key Management Service (KMS) API
  • Identity and Access Management (IAM) API
  • Cloud Logging API
  • Cloud Resource Manager API
  • Cloud DNS API
  • Cloud Functions API
  • Cloud SQL Admin API

You can double-check which GCP APIs are enabled at the bottom of the "APIs & Services" Dashboard.

CIS Google Cloud Platform Foundation Benchmark

Steps to Create Key

  1. After granting user access, click Create Key.

  2. Select JSON as the key type/format and click CREATE.


Note

Refer to Creating and Managing Service Account Keys for detailed information on how to generate access keys. The uploaded access key is the credential used to run a GCP scan.
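
The following pre-upload check is an added example, not part of the original document or of OUTSCAN. It verifies the three requirements above: a well-formed JSON service account key, Project Viewer as the only role, and the nine required APIs enabled. It assumes the IAM policy is in the JSON shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`; the function names and sample values are constructed for illustration.

```python
import json

# Service names for the nine APIs listed above (IDs as used by `gcloud services list`).
REQUIRED_APIS = {
    "compute.googleapis.com", "container.googleapis.com", "cloudkms.googleapis.com",
    "iam.googleapis.com", "logging.googleapis.com", "cloudresourcemanager.googleapis.com",
    "dns.googleapis.com", "cloudfunctions.googleapis.com", "sqladmin.googleapis.com",
}
KEY_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")
VIEWER = "roles/viewer"  # role ID of "Project Viewer"

def check_key(key):
    """Problems in a service account key file; an empty list means it looks usable."""
    problems = [f"missing field: {f}" for f in KEY_FIELDS if not key.get(f)]
    if key.get("type") not in (None, "service_account"):
        problems.append(f"unexpected key type: {key['type']}")
    return problems

def check_roles(policy, email):
    """Check the rule above: Project Viewer and nothing else for this account."""
    member = f"serviceAccount:{email}"
    granted = {b["role"] for b in policy.get("bindings", []) if member in b.get("members", [])}
    problems = [] if VIEWER in granted else [f"{VIEWER} is not granted"]
    return problems + [f"extra role: {r}" for r in sorted(granted - {VIEWER})]

def missing_apis(enabled):
    """Required APIs absent from a list of enabled service names."""
    return sorted(REQUIRED_APIS - set(enabled))

# Constructed sample inputs (not real credentials or a real project).
SAMPLE_KEY = json.loads("""{
  "type": "service_account", "project_id": "example-project",
  "private_key_id": "0000", "private_key": "PLACEHOLDER",
  "client_email": "scanner@example-project.iam.gserviceaccount.com"
}""")
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/viewer", "members": ["serviceAccount:" + SAMPLE_KEY["client_email"]]},
    {"role": "roles/editor", "members": ["serviceAccount:" + SAMPLE_KEY["client_email"],
                                         "user:admin@example.com"]},
]}

if __name__ == "__main__":
    print(check_key(SAMPLE_KEY))
    print(check_roles(SAMPLE_POLICY, SAMPLE_KEY["client_email"]))
    print(missing_apis(["compute.googleapis.com", "iam.googleapis.com"]))
```

The role check covers project-level bindings only; roles inherited from a folder or organization do not appear in the project policy and need to be reviewed separately.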




Copyright

© 2022 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.