Google Cloud Provider (GCP)
Overview
This document provides a step-by-step guide on how to set up Google Cloud Platform (GCP) credentials for the RegScale integration. These credentials are necessary for authenticating and authorizing RegScale to access GCP services.
Prerequisites
- Access to a Google Cloud Platform account.
- Basic knowledge of GCP services and IAM (Identity and Access Management).
Steps to Create GCP Credentials
1. Create a GCP Project
If you haven't already, create a new GCP project:
- Navigate to the GCP Console.
- Click on the project drop-down near the top of the page and select "New Project".
- Follow the prompts to create your new project.
2. Enable Necessary APIs
You need to enable the APIs that your application will use. This can be done either through the GCP Console or via the command line. For instance, if you're using the Security Command Center API, follow these steps:
Through the GCP Console:
- Open the API Library in the GCP Console.
- Look for and enable the necessary APIs (for example, the Security Command Center API and the Cloud Asset API).
Through the Command Line:
- Use the following commands to enable the APIs:
- For the Security Command Center API:
gcloud services enable securitycenter.googleapis.com --project {PROJECT_ID}
- For the Cloud Asset API:
gcloud services enable cloudasset.googleapis.com --project {PROJECT_ID}
- For the Security Command Center API:
Remember to replace {PROJECT_ID}
with your actual GCP Project ID in the commands above.
3. Create a Service Account
- In the GCP Console, go to the "IAM & Admin" section, and select "Service accounts".
- Click "Create Service Account", enter a name and description, and click "Create".
- Assign the necessary roles to the service account (e.g., roles/securitycenter.admin for Security Command Center access, roles/).
- Click "Done" to create the service account.
4. Generate a Key File
- Find the newly created service account in the list and click on it.
- Go to the "Keys" section and click "Add Key" > "Create new key".
- Choose "JSON" as the key type and click "Create".
- A JSON key file will be downloaded to your computer. Securely store this file, as it provides access to your GCP services.
Configuring the Integration with GCP Credentials
Once you have your service account key file:
-
Setting an Environment Variable (Optional):
You can set the
GOOGLE_APPLICATION_CREDENTIALS
environment variable to the path of the JSON key file. This method is recommended for authenticating with GCP services.export GOOGLE_APPLICATION_CREDENTIALS="/path/to/your/keyfile.json" export gcpProjectId="Your GCP Project ID"
Please replace
"/path/to/your/keyfile.json"
with the actual path to your key file and'Your GCP Project ID'
with your actual GCP Project ID. Use the number format of the Id (e.g. 000000000000) and surround it with quotes. -
Directly in the Application (Recommended):
Alternatively, you can add
gcpCredentials
andgcpProjectId
to yourinit.yaml
file. For example, you can specify the path to your credentials file as shown below:gcpCredentials: '/path/to/credentials.json' gcpProjectId: 'Your GCP Project ID' gcpOrganizationId: 'Your GCP Project ID' gcpScanType: 'project | organization'
Again, ensure you replace
"/path/to/credentials.json"
with the actual path to your key file and'Your GCP Project ID'
with your actual GCP Project ID. Use the number format of the Ids (e.g. 000000000000) and surround it with quotes.
Important Notes
- Security: Treat the service account key file as sensitive data. It should not be committed to source control or left in insecure places.
- Roles and Permissions: Assign only the necessary roles to the service account to follow the principle of least privilege.
- Documentation: Refer to the GCP IAM Documentation for more details on managing service accounts and roles.
Usage
You can use the regscale gcp sync_assets
and regscale gcp sync_findings
commands to synchronize your GCP assets and findings with RegScale. Here is how you can use these commands:
Sync Assets:
regscale gcp sync_assets ---regscale_ssp_id [RegScale Plan ID]
Sync Findings:
regscale gcp sync_findings ---regscale_ssp_id [RegScale Plan ID]
Replace [RegScale Plan ID]
with the actual ID number from RegScale of the System Security Plan. These commands are required to run the integration.
NOTE: See All Scanner Integrations for information about how this updates Issues/POAMs
Updated 2 months ago