GCP Setup

This page explains how to set up and onboard a GCP account as a data source.

GCP setup overview

SECBERUS is completely agentless and uses a read-only API permission to securely access your GCP metadata. In order to create a GCP data source in Secberus you will need administrator access to the Google Cloud console.

❗️

SET UP ORGANIZATIONS FIRST

Secberus uses "Organizations" to allow users to segment visibility, posture, teams, and actions within the platform.

Cloud environments only exist within Organizations, so it is important to set up your organizational structure before onboarding cloud environments to those specific Organizations.

Click here to Setup Organizations.

Connecting a GCP account

📘

What to Expect

Connecting a GCP account takes about 5 minutes and requires administrative access to the cloud environment you wish to connect.

  1. From the GCP console, select IAM & Admin and click Service Accounts.
Select 'IAM & Admin' and click 'Service Accounts'

  2. Select + CREATE SERVICE ACCOUNT.
Select '+ CREATE SERVICE ACCOUNT'

  3. Populate the Service account name and Service account description fields, then click CREATE AND CONTINUE.
Populate account details and select 'CREATE AND CONTINUE'

  4. Use the Role selector to select the Basic > Viewer role.
Select 'Basic' > 'Viewer'

  5. With the Role set to Viewer, click the CONTINUE button.
Select 'Continue'

  6. Leave the optional fields blank for step 3, and select the DONE button.
Select 'Done'

  7. Select the newly created service account from the Service accounts screen.
Select the newly created service account

  8. With the service account open, select the KEYS tab and use the ADD KEY menu to Create new key.
Select 'Create new key' from the 'ADD KEY' menu

  9. In the Create private key window, leave the Key type as JSON and click CREATE.
Select 'Create'

  10. The private key will be saved to your computer. Save this file for the next steps.
Retain the downloaded key file

  11. Go to the Secberus application, select Data sources under Settings, and click the GCP icon under Add new data source.
Navigate to 'Settings' > 'Data sources' and select 'GCP'

  12. Populate the Name field for the new data source. Open the JSON file from step 10 and copy the project_id value from the JSON into the Projects field.
Name the data source and paste the 'project_id' field from the key file into 'Projects'

  13. Finally, select the JSON file from step 10 and click Connect.
Select the JSON file from step 10 and click 'Connect'
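
A pre-upload check for the key file from step 10, as an added example (not Secberus or Google code): it confirms the JSON is a service account key, returns the project_id value to paste into the Projects field, and warns if the file is readable by other local users. The sample key and the function names are constructed for illustration.

```python
import json
import os
import stat
import sys
import tempfile

REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

# Constructed sample using the field names of a downloaded key file; values are fake.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project-123",
    "private_key_id": "0000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "secberus-reader@example-project-123.iam.gserviceaccount.com",
}

def check_key_file(path):
    """Return (project_id, warnings) for a service account key file."""
    with open(path, encoding="utf-8") as fh:
        key = json.load(fh)
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    if key["type"] != "service_account":
        raise ValueError("not a service account key: type=%r" % key["type"])
    warnings = []
    # The file contains a private key, so only its owner should be able to read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        warnings.append("mode %04o grants access beyond the owner; use chmod 600" % mode)
    # A service account created in a project has an address under that project ID.
    if not key["client_email"].endswith("@%s.iam.gserviceaccount.com" % key["project_id"]):
        warnings.append("client_email is not under project_id")
    return key["project_id"], warnings

def write_sample(directory, mode, **overrides):
    """Write the constructed sample (with optional field overrides) and return its path."""
    path = os.path.join(directory, "sample-key.json")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({**SAMPLE_KEY, **overrides}, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else write_sample(tmp, 0o644)
        project_id, warnings = check_key_file(target)
        print("Projects field:", project_id)
        for warning in warnings:
            print("warning:", warning)
```

Run it with the path to the downloaded key file as the only argument; with no argument it checks the constructed sample.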

👍

CONGRATULATIONS 🎉

You have successfully onboarded a data source for your Google Cloud Platform account. You can now add more GCP accounts, onboard other cloud provider accounts, or apply a policy to this GCP account. Additionally, you can view the connection status of each monitored data source once Secberus begins collecting resource data for evaluation.