When connecting your Google Projects to Aqua CSPM, use the following Custom Role and assign it to your connected Service Account.


Follow these steps to create the GCP Org Security Audit Role


Step 1: Retrieve the Aqua CSPM Security Audit Role Template

  • Open Google Cloud Shell.
  • Enter the following command to load the Template.
    curl https://aqua-cspm-resources.s3.amazonaws.com/google/security-audit-role-org.yaml -o security-audit-role-org.yaml


Step 2: Create the Role in your Organization

  • Run the following command, replacing YOUR_ORGANIZATION_ID with your Organization ID.
    gcloud iam roles create AquaCSPMSecurityAudit --organization=YOUR_ORGANIZATION_ID --file=security-audit-role-org.yaml


Step 3: Verify Role Creation

  • Visit the IAM Console > Roles.
  • Select your Organization.
  • Verify that the AquaCSPMSecurityAudit role was created.
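
Before running Step 2, it is worth reading what the downloaded template grants. The script below is an added example, not part of Aqua's documentation or tooling: it lists the entries under includedPermissions in a role YAML file and flags any whose verb does not start with get or list. The function names, the get/list rule and the sample template are assumptions made for illustration; the sample is constructed and is not the contents of Aqua's file.

```shell
#!/bin/sh
# Added example: review a custom-role template before `gcloud iam roles create`.

# Print every permission listed under includedPermissions in a role YAML file.
list_permissions() {
    awk '
        /^includedPermissions:/ { in_list = 1; next }
        in_list && /^[[:space:]]*-[[:space:]]*/ {
            sub(/^[[:space:]]*-[[:space:]]*/, "")   # drop the list marker
            sub(/[[:space:]]+$/, "")                # drop trailing blanks
            gsub(/"/, "")                           # drop optional quotes
            print
            next
        }
        in_list && /^[^[:space:]#-]/ { in_list = 0 }  # next top-level key ends the list
    ' "$1"
}

# Print permissions whose last segment (the verb) does not start with
# "get" or "list". Assumption: an audit role should only need read verbs,
# so anything printed here deserves a manual look before the role is created.
flag_non_read_permissions() {
    list_permissions "$1" | awk -F. '$NF !~ /^(get|list)/ { print }'
}

# Constructed sample template (NOT the contents of Aqua's file).
write_sample_template() {
    cat > "$1" <<'EOF'
title: Sample Security Audit
description: Constructed example role
stage: GA
includedPermissions:
- compute.instances.list
- storage.buckets.getIamPolicy
- resourcemanager.projects.get
- storage.objects.delete
- iam.serviceAccountKeys.create
EOF
}

# Usage: sh review-role.sh security-audit-role-org.yaml
if [ "$#" -gt 0 ]; then
    echo "Permissions in $1: $(list_permissions "$1" | wc -l | tr -d ' ')"
    echo "Permissions to review by hand:"
    flag_non_read_permissions "$1"
fi
```

The same check applies unchanged to security-audit-role.yaml in the project-level procedure.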


Follow these steps to create the GCP Security Audit Role


Step 1: Retrieve the Aqua CSPM Security Audit Role Template

  • Open Google Cloud Shell.
  • Enter the following command to load the Template.
    curl https://aqua-cspm-resources.s3.amazonaws.com/google/security-audit-role.yaml -o security-audit-role.yaml


Step 2: Create the Role in your Project

  • Run the following command, replacing YOUR_PROJECT_ID with your Project ID.
    gcloud iam roles create AquaCSPMSecurityAudit --project=YOUR_PROJECT_ID --file=security-audit-role.yaml


Step 3: Verify Role Creation