Create a Google Cloud Platform (GCP) Connection to Cloud Configuration Assessment

You can configure a Google Cloud Platform (GCP) connection to Cloud Configuration Assessment (CCA). This connection allows CCA to collect data from your GCP resources at a scheduled interval. Cloud Configuration Assessment uses this data to assess your vulnerabilities in the cloud.

GCP connection requirements

You must meet the following requirements before you can connect your Google Cloud Platform resources to Cloud Configuration Assessment in InsightVM.

  • A functioning InsightVM account with admin permissions
  • The necessary permissions to access the resources needed from Google

Prepare your browser for this procedure

Configuring a GCP connection involves completing steps in both your GCP environment and InsightVM. Having both of these interfaces open in separate browser tabs will make this procedure easier to complete.

Configure a GCP connection in CCA

Before you can create a GCP connection to CCA in InsightVM, you must set up the correct permissions in GCP.

Enable APIs

  1. From the Google console, select the organization and project you want to add to CCA.

Copy your Project ID

Copy and store your Project ID somewhere you can easily access it. You need the Project ID later.

  2. Click APIs & Services > Dashboard.

  3. Click Enable APIs and Services.

  4. Search for and select the APIs you want to enable.

  5. Click Enable.
    Repeat this process to enable any other APIs.

Create a custom role

  1. Click Roles > Create Role > Add Permissions.
  2. In the filter, select the following permissions:
    • storage.buckets.get
    • storage.buckets.getIAMPolicy
    • bigquery.tables.get
    • bigquery.tables.list
    • cloudasset.assets.listResource
  3. Click Add.
  4. Complete the required information and click Create.
  5. From the API Services Dashboard, click Credentials > Create Credentials > Service Account.
  6. Complete the service account details and click Create.
  7. In the Select a role field, select the custom role.
  8. In the Select a role field, select either of the following:
    • Project > Viewer to allow CCA to view all cloud resources.
    • Project > Editor to allow CCA to view and edit all cloud resources.
  9. Click Continue.
  10. Click Create Key.
  11. Select JSON as the key type.
  12. Click Done.

Copy your JSON key

Copy and store your JSON key. This is the only time you are able to access the key.
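
Before pasting the key into CCA, you can confirm that it belongs to the Project ID you copied and see exactly which roles its service account holds. The Python check below is an added example, not part of the InsightVM or GCP documentation. It assumes you exported the project IAM policy as JSON (for example with gcloud projects get-iam-policy PROJECT_ID --format=json); the function name and all sample values are constructed for illustration.

```python
import json

# Role IDs behind the console choices "Project > Viewer" and "Project > Editor".
VIEWER, EDITOR = "roles/viewer", "roles/editor"

def audit_cca_service_account(key_json, policy_json, expected_project_id):
    """Return (roles bound to the key's service account, list of findings)."""
    key, policy = json.loads(key_json), json.loads(policy_json)
    findings = []
    if key.get("type") != "service_account":
        findings.append("key type is not service_account")
    if key.get("project_id") != expected_project_id:
        findings.append("key project_id differs from the Project ID you copied")
    member = "serviceAccount:" + key.get("client_email", "")
    roles = sorted(b["role"] for b in policy.get("bindings", [])
                   if member in b.get("members", []))
    # Custom roles are named projects/<id>/roles/<role> or organizations/<id>/roles/<role>.
    if not any(r.startswith(("projects/", "organizations/")) for r in roles):
        findings.append("no custom role is bound to the service account")
    if EDITOR in roles:
        findings.append("roles/editor is bound: CCA can edit resources, not only view them")
    elif VIEWER not in roles:
        findings.append("neither roles/viewer nor roles/editor is bound")
    return roles, findings

# Constructed sample data (not real credentials or a real project).
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project-123",
    "private_key_id": "CONSTRUCTED",
    "private_key": "CONSTRUCTED-PLACEHOLDER",
    "client_email": "cca-reader@example-project-123.iam.gserviceaccount.com",
})
SAMPLE_POLICY = json.dumps({"version": 1, "bindings": [
    {"role": "projects/example-project-123/roles/ccaCustomRole",
     "members": ["serviceAccount:cca-reader@example-project-123.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:cca-reader@example-project-123.iam.gserviceaccount.com",
                 "user:admin@example.com"]},
]})

if __name__ == "__main__":
    roles, findings = audit_cca_service_account(SAMPLE_KEY, SAMPLE_POLICY, "example-project-123")
    print("roles:", roles)
    for f in findings:
        print("finding:", f)
```

An empty findings list means the key matches the project and the service account holds the custom role plus Project > Viewer only.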

Configure a GCP connection in CCA

Use InsightVM’s Cloud Configuration Assessment connection wizard to create your connection.

  1. On the Cloud Configuration Assessment page, click Enable.
  2. Click Add next to Google Cloud Platform.
  3. Add your GCP connection credentials.
  4. Click Save.