You must set up the Accurics project for scanning your Google Cloud resources.
- Log in to the Accurics Console.
- In the left pane, click the Create a new icon ( ) and then click Connection > GCP Project.
- Provide an environment name, select Enterprise Mode, and then click Next.
- Click Google Cloud as the Cloud Provider.
- Select Configure Cloud Scan.
- Upload the Google Service Account Key JSON file. See Steps for creating the JSON file.
- Select a region.
- Select one or more GCP projects containing the resources you wish to scan.
- Set up an IAC Repository Scan.
- Select the appropriate compliance policies. The cloud resources will be scanned for violations as per the chosen policy.
- Review the information and click Save.
- Initiate a cloud scan.
How to create a service account and get the JSON file from GCP
Perform the following steps to create a service account on GCP and get the JSON file that you need to upload to the Accurics Console while adding GCP as the cloud provider in your environment.
- Login to the GCP Console and go to Service Accounts.
- On the Service Accounts page, click Create Service Account.
- Enter the service account details: Name and Description, and then click Create.
- You need to provide Viewer permissions at a minimum. This will scan all the cloud resources other than cloud storage. For scanning the cloud storage, add the Storage Admin or the Storage Object Admin role.
- Once you have added the required roles, click Continue.
- Add users or groups to access this service account. This step is not mandatory.
- Click Done.
Your service account gets created and is listed on the Service Accounts page.
- Click your service account, confirm that the service account is active, and then go to the Keys tab.
- Click Add Key > Create new key, and select JSON. Then click Create.
- A private key in the form of a JSON file gets downloaded on your computer.
- You can upload this JSON file to connect your Accurics Environment to GCP.