Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.


Introduction

This document describes how to create Google Cloud Platform (GCP) credentials.

Configure a GCP Account

To navigate to this section, 

  1. Log in to OUTSCAN.
  2. Go to Main Menu > Portal
  3. Click the Account icon in the upper right corner.
  4. Click Credentials.



  5. Click Add Credentials, and select Google Cloud Platform from the drop-down menu of account type to add a new GCP credentials. 

  6. Add the name of your GCP account.
  7. Upload the access key in JSON format. 
  8. By clicking ADD, an credentials is created. 

To manage your account, refer to Scan Credentials.

Create a GCP Account and Keys - Google Cloud Console

Refer to Create and Manage service accounts, to manage IAM service accounts.  

Steps to Create a Service Account

  1. Log in to Google Cloud Platform.

  2. Open the Service Accounts page. 

  3. Click on + CREATE SERVICE ACCOUNT

  4. Fill in the details and click CREATE.
  5. Add service account permissions and roles to allow a user to manage service account.

    Note

    The Service account created on GCP must have a Role set to Project Viewer without anything else.

     


Steps to enable GCP API

  1. Enter the APIs & Services Dashboard page.



  2. Click on  + ENABLE APIS AND SERVICES on the top of the dashboard.



  3. Search for the required API,  Compute Engine API in this example.



  4. Click on the API block and then enable it by clicking on the ENABLE button.


You need to enable the following GCP API in order to be able to run GCP Compliance policy such as "CIS Google Cloud Platform Foundation Benchmark".

  • Compute Engine API
  • Kubernetes Engine API
  • Cloud Key Management Service (KMS) API
  • Identity and Access Management (IAM) API
  • Cloud Logging API
  • Cloud Resource Manager API
  • Cloud DNS API
  • Cloud Functions API
  • Cloud SQL Admin API

You can double check GCP enabled APIs at the bottom of the "APIs & Services" Dashboard.

Steps to Create Key

  1. After granting user access, click on Create Key.

     

  2. Select JSON as the Key type/format and click on CREATE.


Note

Refer to Creating and Managing Service Account Keys, for detailed information regarding how to generate Access keys. The uploaded access key is the credential used to run a GCP scan.