When connecting your Google Projects to Aqua CSPM, use the following Custom Role and assign it to your connected Service Account.

Follow these steps to create the GCP Security Audit Role:

Step 1: Retrieve the Aqua CSPM Security Audit Role Template

  • Open Google Cloud Shell
  • Enter the following command to download the Template

    curl https://aqua-cspm-resources.s3.amazonaws.com/google/security-audit-role.yaml -o security-audit-role.yaml

Step 2: Create the Role in your Organization

  • Run the following command, replacing YOUR_ORGANIZATION_ID with your Organization Id

    gcloud iam roles create AquaCSPMSecurityAudit --organization=YOUR_ORGANIZATION_ID --file=security-audit-role.yaml

Step 3: Verify Role Creation

  • Visit the IAM Console > Roles
  • Select your Organization
  • Verify that your role was created
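
Before running Step 2, it is worth confirming that the downloaded template grants only read-style permissions. The script below is an added example, not part of Aqua's instructions or tooling: it flags any permission whose verb is not on a read-only allowlist. It assumes the template uses the standard gcloud role-definition layout with an includedPermissions list; the allowlist, the function names and the sample file are constructed for illustration and do not reflect the actual contents of security-audit-role.yaml.

```shell
#!/usr/bin/env bash
# Added example (not Aqua's code): flag entries in a gcloud role-definition
# YAML whose verb is not on a read-only allowlist, for review before
# running `gcloud iam roles create`.

# Assumption: verbs accepted without review for an audit role.
READ_VERBS='get|list|getIamPolicy'

# Prints each flagged permission; returns 1 if any were flagged, else 0.
non_read_permissions() {
  awk -v verbs="$READ_VERBS" '
    /^includedPermissions:/ { in_list = 1; next }
    in_list && /^[^ \t#-]/  { in_list = 0 }   # next top-level key ends the list
    in_list && /^[ \t]*-/ {
      perm = $0
      sub(/^[ \t]*-[ \t]*/, "", perm)          # drop the list marker
      sub(/[ \t]*#.*$/, "", perm)              # drop a trailing comment
      sub(/[ \t]+$/, "", perm)
      n = split(perm, parts, ".")
      if (parts[n] !~ ("^(" verbs ")$")) { print perm; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
  ' "$1"
}

# Constructed sample in the gcloud role-definition layout; these are NOT the
# contents of the Aqua security-audit-role.yaml template.
write_sample_role() {
  cat > "$1" <<'EOF'
title: Sample Audit Role
description: Constructed sample for the check above
stage: GA
includedPermissions:
- compute.instances.list
- storage.buckets.getIamPolicy
- storage.buckets.update   # write verb, should be flagged
- iam.serviceAccounts.getAccessToken
- resourcemanager.projects.get
EOF
}

sample="$(mktemp)"
write_sample_role "$sample"
non_read_permissions "$sample" || echo "review the permissions listed above before creating the role"
rm -f "$sample"
```

To check the real template, call non_read_permissions security-audit-role.yaml in Cloud Shell after Step 1. A flagged entry is a prompt for manual review, not proof that the permission is unsafe.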