GCP Overview and Support
An Overview of InsightCloudSec Support for Google Cloud Platform
Google Cloud Platform (GCP) is one of the world’s leading public cloud providers, offering a variety of cloud services. You can add a GCP account to InsightCloudSec in the following ways:
- As a single - GCP project
- As multiple projects - an organization
The approach you use depends largely on the number of accounts you're adding; fewer accounts will more likely be added as projects. Adding organizations allows you to add multiple projects initially as well as auto-add newly created projects (and auto-badge them as well). You will need organizational permissions to add organizations. See Organizations (GCP) for more information.
Deleting GCP Projects
For customers that onboard GCP Projects individually (and not via GCP Organizations) any GCP projects deleted upstream/via the console, will be marked as invalid and harvesting will be paused. Customers will need to manually remove these projects from the tool.
Supported Services - GCP
InsightCloudSec supports the following services for GCP.
- For a list of support services/resources for GCP and across all of our supported Cloud Service Providers, check out our Resource Matrix.
Artifact Registry (Container Image)
BigQuery (Dataset)
Certificate Authority Service
Cloud Armor
Cloud Bigtable
Cloud Billing (Export)
Cloud CDN
Cloud Composer
Cloud Data Fusion
Cloud DNS (Zone)
Cloud Domains
Cloud Functions
Cloud Identity (Domain Groups, Domain Users, Group)
Cloud Interconnect
Cloud Key Management Service (Key, Key ring)
Cloud Load Balancing (Backend Services, Forwarding Rules, SSL Certificate, Target Proxies, URL Maps)
Cloud Logging (Bucket, Logs Storage, Logs Router Sinks)
Cloud NAT
Cloud Run
Cloud Spanner
Cloud SQL (Backup, Database)
Cloud Storage
Cloud VPN (VPN Gateway, VPN Tunnel)
Compute Engine (Autoscaler, Image, Instance, Reserved IP, Snapshot, SSH Key Pair)
Credentials (API Keys)
Data Loss Prevention (inspection job)
Dataflow Jobs
Dataproc
Filestore
Firewalls (Rules)
Google Kubernetes Engine
IAM (Role Permission Set, Service Account, Service Account Key, User)
Limit
Memorystore
Notebooks
Organization
Persistent Disk
Project
Pub/Sub (Subscription, Topic)
Recommender (Insight, Recommendation)
Region
Secret
Security Command Center (Event Threat Detection)
Stackdriver Sink
Virtual Private Cloud (Network Interface, Network Peer, Subnet)
Recommended APIs
The following APIs can be enabled from the APIs and Services Library within the GCP Console and are recommended to harvest all of the services listed above. Contact us through the Customer Support Portal if you have any questions or concerns about any of the APIs.
Cloud Policy Analyzer API
The Cloud Policy Analyzer API needs to be enabled in each project added to InsightCloudSec so Service Accounts can be properly harvested.
Admin SDK API
API Keys API
Artifact Registry API
BigQuery API
Certificate Authority Service API
Cloud Asset API
- Container Registry
Cloud Bigtable Admin API
Cloud Billing API*
Cloud Composer API
Cloud Data Fusion API
Cloud Data Loss Prevention (DLP) API
Cloud Dataproc API
Cloud Deployment Manager V2 API
Cloud Domains API
Cloud DNS API
Cloud Filestore API
Cloud Functions API
Cloud Key Management Service (KMS) API
Cloud Logging API
Cloud Memorystore for Memcached API
Cloud Memorystore for Redis API
Cloud Monitoring API
Cloud Policy Analyzer API
Cloud Pub/Sub API
Cloud Resource Manager API
Cloud Secrets Manager API
Cloud Spanner API
Cloud SQL
Cloud SQL Admin API
Cloud Storage
Compute Engine API
Compute Engine Instance Group Manager API
Compute Engine Instance Group Updater API
Compute Engine Instance Groups API
Container Analysis API
Dataflow API
Google+ API
Identity and Access Management (IAM) API
Identity Toolkit API
Kubernetes Engine API
Notebooks API
Org Policy API
Recommender API
Security Command Center API
Serverless VPC Access API
Service Management API
Service Usage API
- Enabling the Cloud Billing API is optional
Updated 25 days ago