Connecting a GCP Account
GCP Account Connection Overview
Before Aqua CSPM can produce any security scan results, you must connect a cloud account. For Google Cloud, this is done with a Service Account. A Service Account is an identity that a third party can assume and that can be restricted to access only the resources in a project.
Drag and Drop (Recommended)
Step 1: Navigate to the Cloud Accounts page.
- Click Connect Account on the top right.
Step 2: Choose "Google Cloud Platform (GCP)" under Account Type and "Drag and Drop (Recommended)" under Method.
Step 3: Use the following steps to create a Service Account and attach a role.
- Log into your Google Cloud console and navigate to IAM Admin > Service Accounts.
- Click Create Service Account.
- Enter "Aqua" in the Service account name, enter "Aqua API Access" in the Service account description, and click Create.
- Select the role: Project > Viewer.
- Click on Add Another Role.
- Select the role IAM > Security Reviewer.
- Click Done.
- Select the newly created Service Account.
- Select ADD KEY > Create new key.
- Select JSON > Create.
- Save the provided JSON file (Credentials).
- Select the GCP organisation from the top and go to IAM.
- Click GRANT ACCESS at the top, add the Organisation Viewer and Organisation Policy Viewer roles to the service account, and click Save.
Step 4: Drag and drop the JSON file created in step 3.8 into the Aqua connection wizard.
Manual Setup
Step 1: Follow the Drag and Drop instructions, but do not drag and drop the JSON file.
Step 2: Open the JSON file and copy and paste the Project ID, Client Email, and Private Key.
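Before pasting the values from Step 2, the key file can be checked for the fields the wizard needs. The script below is an added example, not Aqua's code: `check_key`, the sample key and `example-project` are constructed for illustration, and it assumes the usual email format for a user-managed service account.

```python
import json
import os
import stat
import sys

REQUIRED = ("type", "project_id", "client_email", "private_key")
PEM_HEADER = "-----BEGIN PRIVATE KEY-----"
SA_SUFFIX = ".iam.gserviceaccount.com"

def check_key(text, mode=None):
    """Return (non_secret_fields, problems) for the text of a key file."""
    try:
        key = json.loads(text)
    except ValueError as exc:
        return {}, ["not valid JSON: %s" % exc]
    if not isinstance(key, dict):
        return {}, ["top-level JSON value is not an object"]
    problems = ["missing field: " + n for n in REQUIRED if not key.get(n)]
    if key.get("type") and key["type"] != "service_account":
        problems.append("type is %r, not a service account key" % key["type"])
    project = str(key.get("project_id") or "")
    email = str(key.get("client_email") or "")
    # Assumption: user-managed accounts are NAME@PROJECT_ID.iam.gserviceaccount.com
    if email and not email.endswith("@" + project + SA_SUFFIX):
        problems.append("client_email does not belong to project_id")
    pem = str(key.get("private_key") or "")
    if pem and not pem.startswith(PEM_HEADER):
        problems.append("private_key is not a PEM 'BEGIN PRIVATE KEY' block")
    # The key grants read access to the project: keep the file owner-only.
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("key file is accessible by group or others")
    # Return only non-secret values so the private key never reaches a log.
    return {"project_id": project, "client_email": email}, problems

# Constructed sample key (placeholder key material, not a real credential).
SAMPLE = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key": PEM_HEADER + "\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "aqua@example-project.iam.gserviceaccount.com",
})

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = SAMPLE
    if path:
        with open(path) as fh:
            text = fh.read()
    print(check_key(text, os.stat(path).st_mode if path else None))
```

Run it with the path of the downloaded JSON file as its only argument; with no argument it checks the constructed sample.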
Limitation
For plugins involving BigQuery tables, we support a maximum limit of 50,000 tables when collecting data.