GCP Data Source Setup
This page explains how to set up and onboard a GCP account as a data source.
GCP setup overview
Secberus is completely agentless and uses a read-only API permission to securely access your GCP metadata. To create a GCP data source in Secberus, you will need administrator access to the Google Cloud console.
SETUP ORGANIZATIONS FIRST
Secberus uses "Organizations" to allow users to segment visibility, posture, teams, and actions within the platform.
Cloud environments only exist within Organizations, so it is important to set up your organizational structure before onboarding cloud environments to those specific Organizations.
Click here to Setup Organizations.
Connecting a GCP account
What to Expect
Connecting a GCP account takes about 10 minutes and requires administrative access to the cloud environment you wish to connect.
- From the GCP console, in the search bar, type IAM, and click on IAM & Admin.
- From the left-hand navigation menu, click on Roles, then + CREATE ROLE.
- Give the role a meaningful name, click on + ADD PERMISSIONS.
- Search for and select storage.buckets.getIamPolicy. Click ADD.
- Click on CREATE.
- From the left-hand navigation menu, click on Service Accounts.
- Select + CREATE SERVICE ACCOUNT.
- Populate the Service account name and Service account description fields, then click CREATE AND CONTINUE.
- Use the Role selector to select the Basic > Viewer role.
- Click + ADD ANOTHER ROLE and add the custom role you created in step 5.
- Click on DONE.
- Click on the newly created service account from the Service accounts screen.
- With the service account open, select the KEYS tab and use the ADD KEY menu to Create new key.
- In the Create private key window leave the Key type as JSON and click CREATE.
- The private key will be saved to your computer. Keep this file in a safe location. Secberus will need the credentials to connect to your project.
Secberus - Connect GCP Data Source
- Log in to Secberus and select the org you want to create the data source connection in.
- Click on Settings and then click on Data sources.
- Choose the GCP data source type in the Add new data source section.
- Populate the Name field for the new data source. Open the credentials JSON file from step 15 and copy the project_id value into the Projects field.
- Finally, drag and drop or select the credentials JSON file from step 15 and click Connect.
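Before uploading the credentials file, a local check can confirm it is the service account key from step 15, show the project_id to paste into the Projects field, and flag a key file that other local users can read. This is an added example, not Secberus or Google code; the function names and the sample key values are constructed for illustration.

```python
import json
import os
import stat
import tempfile

REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def inspect_key_file(path):
    """Return (project_id, client_email, warnings) for a downloaded key file."""
    warnings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        warnings.append(f"mode {mode:o} exposes the key to other users; chmod 600")
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        raise ValueError(f"not a complete key file, missing: {missing}")
    if key["type"] != "service_account":
        raise ValueError(f"unexpected credential type: {key['type']!r}")
    # Heuristic (assumption): the account normally lives in the project named in the file.
    suffix = f"@{key['project_id']}.iam.gserviceaccount.com"
    if not key["client_email"].endswith(suffix):
        warnings.append("client_email does not match project_id")
    return key["project_id"], key["client_email"], warnings


def write_sample_key(path, mode):
    """Write a constructed key file (placeholder values, not a real key)."""
    sample = {
        "type": "service_account",
        "project_id": "constructed-project-123",
        "private_key_id": "0000constructed0000",
        "private_key": "CONSTRUCTED-PLACEHOLDER-NOT-A-KEY",
        "client_email": "secberus-reader@constructed-project-123.iam.gserviceaccount.com",
    }
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(sample, fh)
    os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        key_path = os.path.join(tmp, "key.json")
        write_sample_key(key_path, 0o644)
        print(inspect_key_file(key_path))
```

Point `inspect_key_file` at the downloaded JSON file; the first returned value is what goes into the Projects field.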
CONGRATULATIONS 🎉
You have successfully onboarded a data source for your Google Cloud Platform account. You can now add more GCP accounts, onboard other cloud provider accounts, or apply a policy to this GCP account. Additionally, you can view the connection status of each monitored data source once Secberus begins collecting resource data for evaluation.