Google Cloud Platform (GCP) is one of the world’s leading public cloud providers, offering a variety of cloud services. You can add a GCP account to InsightCloudSec in the following ways:
The approach you use depends largely on the number of accounts you're adding; a small number of accounts is more likely to be added as individual projects. Adding organizations lets you add multiple projects at once and automatically add (and auto-badge) newly created projects. You will need organizational permissions to add organizations. See Organizations (GCP) for more information.
Deleting GCP Projects
For customers that onboard GCP projects individually (and not via GCP Organizations), any GCP project deleted upstream or via the console will be marked as invalid and harvesting will be paused. Customers will need to manually remove these projects from the tool.
InsightCloudSec supports the following services for GCP.
For a list of supported services/resources for GCP and across all of our supported Cloud Service Providers, check out our Resource Matrix.

- Artifact Registry (Container Image)
- BigQuery (Dataset)
- Cloud Armor
- Cloud Bigtable
- Cloud Billing (Export)
- Cloud DNS
- Cloud Functions
- Cloud Identity (Domain Groups, Domain Users, Group)
- Cloud Interconnect
- Cloud Key Management Service (CryptoKey, key ring)
- Cloud Load Balancing (Backend Services, Forwarding Rules, SSL Certificate, Target Proxies)
- Cloud Logging (Logs Storage, Logs Router Sinks)
- Cloud NAT
- Cloud Run
- Cloud Spanner
- Cloud SQL (Backup, Database)
- Cloud Storage
- Cloud VPN (VPN Gateway, VPN Tunnel)
- Compute Engine (Autoscaler, Image, Instance, Reserved IP, Snapshot, SSH Key Pair)
- Dataproc
- Filestore
- Firewalls (Rules)
- Google Kubernetes Engine
- IAM (Role Permission Set, Service Account, Service Account Key, User)
- Limit
- Memorystore
- Notebooks
- Organization
- Persistent Disk
- Project
- Pub/Sub (Subscription, Topic)
- Recommender (Insight, Recommendation)
- Region
- Secret
- Security Command Center (Event Threat Detection)
- Stackdriver Sink
- Virtual Private Cloud (Network Interface, Network Peer, Subnet)
The following APIs can be enabled from the APIs and Services Library within the GCP Console and are recommended to harvest all of the services listed above. Contact us through the Customer Support Portal if you have any questions or concerns about any of the APIs.
Cloud Policy Analyzer API
The Cloud Policy Analyzer API needs to be enabled in each project added to InsightCloudSec so Service Accounts can be properly harvested.
- Admin SDK API
- Artifact Registry API
- BigQuery API
- Cloud Asset API - Container Registry
- Cloud Bigtable Admin API
- Cloud Billing API*
- Cloud Dataproc API
- Cloud Deployment Manager V2 API
- Cloud DNS API
- Cloud Filestore API
- Cloud Functions API
- Cloud Key Management Service (KMS) API
- Cloud Logging API
- Cloud Memorystore for Memcached API
- Cloud Memorystore for Redis API
- Cloud Monitoring API
- Cloud Policy Analyzer API
- Cloud Pub/Sub API
- Cloud Resource Manager API
- Cloud Secrets Manager API
- Cloud Spanner API
- Cloud SQL
- Cloud SQL Admin API
- Cloud Storage
- Compute Engine API
- Compute Engine Instance Group Manager API
- Compute Engine Instance Group Updater API
- Compute Engine Instance Groups API
- Container Analysis API
- Google+ API
- Identity and Access Management (IAM) API
- Identity Toolkit API
- Kubernetes Engine API
- Notebooks API
- Org Policy API
- Recommender API
- Security Command Center API
- Serverless VPC Access API
- Service Management API
- Service Usage API

* Enabling the Cloud Billing API is optional
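
One way to check the API requirements above before onboarding projects, as an added example that is not part of the original page or InsightCloudSec's own tooling. The service IDs are assumptions mapped from the display names on this page, `REQUIRED_APIS` is a subset to extend, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Service IDs below are an assumed mapping
# of API display names on this page; the list is a subset, extend as needed.
REQUIRED_APIS="policyanalyzer.googleapis.com
cloudresourcemanager.googleapis.com
iam.googleapis.com
compute.googleapis.com
cloudasset.googleapis.com
serviceusage.googleapis.com"
# The page marks the Cloud Billing API as optional.
OPTIONAL_APIS="cloudbilling.googleapis.com"

# missing_from "<ids>": read enabled service IDs on stdin (one per line) and
# print every ID in <ids> that is not enabled. Exact whole-line match only.
missing_from() {
  mf_enabled=$(cat)
  for mf_api in $1; do
    printf '%s\n' "$mf_enabled" | grep -qxF "$mf_api" || printf '%s\n' "$mf_api"
  done
}

# audit_enabled <project>: read that project's enabled service IDs on stdin,
# print one finding per line, return 1 if any required API is missing.
audit_enabled() {
  ae_enabled=$(cat)
  ae_status=0
  for ae_api in $(printf '%s\n' "$ae_enabled" | missing_from "$REQUIRED_APIS"); do
    printf 'MISSING %s %s\n' "$1" "$ae_api"
    ae_status=1
  done
  for ae_api in $(printf '%s\n' "$ae_enabled" | missing_from "$OPTIONAL_APIS"); do
    printf 'OPTIONAL %s %s\n' "$1" "$ae_api"
  done
  return "$ae_status"
}

# audit_project <project>: live check; needs an authenticated gcloud CLI.
audit_project() {
  gcloud services list --enabled --project "$1" --format='value(config.name)' |
    audit_enabled "$1"
}

# Usage: sh check_apis.sh PROJECT_ID [PROJECT_ID ...]
rc=0
for project in "$@"; do
  audit_project "$project" || rc=1
done
[ "$#" -eq 0 ] || exit "$rc"
```

Because the Cloud Policy Analyzer API must be enabled in each project, run the script over every project ID you plan to add; a non-zero exit means at least one project is missing a required API.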