DivvyCloud

Welcome to the DivvyCloud Docs!

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

For questions about documentation, reach out to us at [email protected]


Projects (GCP)

Overview

This page walks through the steps required to add a single GCP account, also known as a project, into DivvyCloud. To read more about Google Cloud Projects, check out their information here.

In addition, we also support adding multiple GCP projects (aka organizations) to DivvyCloud. Review the details of that setup on the Organizations (GCP) page.

Otherwise, refer to the steps below to get set up.

Prerequisites

Before you get started you will want to make sure you have the following:

  • A functioning DivvyCloud installation with the appropriate admin permissions
  • The appropriate permissions to access the resources you will need from Google

If you have questions or concerns, reach out to us at [email protected]

Adding a GCP Project through the Google Console

1. To access the API Manager, log in to the GCP console. Verify that you have selected the organization and the project you wish to add to DivvyCloud.

🚧

Project ID

Note the Project ID; you will need this when adding the cloud account to DivvyCloud.

Google Project ID

2. To access the APIs & Services dashboard, select "APIs & Services" from the left navigation and click "Dashboard".

API & Services Dashboard

3. Enable APIs — Once you have selected Dashboard, you will see a list of APIs that are currently enabled.

Currently enabled APIs

  • We recommend that you enable the following APIs in order to gain visibility and access to those GCP services (services are listed below the APIs):

Recommended APIs for GCP

  • Cloud SQL
  • Cloud SQL Admin API
  • Compute Engine API
  • Compute Engine Instance Group Manager API
  • Google Cloud Deployment Manager V2 API
  • Cloud Storage
  • Google Compute Engine Instance Group Updater API
  • Compute Engine Instance Groups API
  • Google+ API
  • Kubernetes Engine API

DivvyCloud-supported GCP services:

  • BigQuery API
  • Cloud Filestore API
  • Cloud Dataflow API
  • Cloud Resource Manager API
  • Cloud Datastore API
  • Cloud Key Management Service (KMS) API
  • Cloud Dataproc API
  • Cloud SQL Admin API
  • Cloud Pub/Sub API
  • Stackdriver Logging API
  • Admin SDK
  • Cloud Billing API
  • Compute Engine API
  • Identity and Access Management (IAM) API
  • Cloud Bigtable API
  • Cloud Bigtable Admin API
  • Cloud Functions API
  • Cloud Spanner API
  • Google Cloud SQL
  • Google Cloud Storage
  • Google Cloud Storage JSON API
  • Service Management API
  • Cloud DNS
  • Kubernetes Engine API
  • Stackdriver Monitoring

If you do not have all of the recommended APIs enabled, select "Enable APIs and Services". Otherwise, skip to "Creating Credentials."

Enable APIs and Services

4. In the Google API Library, enter the name of the missing API in the search box, then select the API you searched for. (The example below shows just one match; multiple API matches may be shown in card format.)

5. You will see a description of the API. Once you have reviewed the information, select "Enable." Repeat the process until you have added all of the missing APIs.

6. Once you have verified your enabled APIs, click on "Credentials" in the navigation menu (from the APIs & Services Dashboard).

Create credentials

7. Click on the "Create credentials" button and select "Service account" from the drop-down menu.
Note: this navigates to the IAM & Admin section of the Google Cloud Platform Dashboard.

Service account details

8. Complete the "Service account details" as follows, then click "Create" when you're finished.

  • Service account name - the name you want to provide for the service account
  • ID - the service account ID
  • Service account description - a description of the account's purpose

9. Under Service Account permissions click on "Select a role".

  • Select "Project > Viewer" to give DivvyCloud the scope to view all cloud resources.
  • Select "Project > Editor" to view and act upon all cloud resources.
  • Add any conditions (optional), if desired.

Service account permissions

10. Click Continue to save your role selection.

11. To finish the process to "Create Service Account", click "Create Key".

  • Select JSON as your key type. (This allows DivvyCloud to call APIs programmatically.)
  • If you want to configure "Grant users access to this service account (optional)", consult with your local administrator to confirm details, or reach out to [email protected] with questions.

12. Click "Done" to complete this process and confirm that your Service Account Key has been created. You should see a confirmation message with the name of your JSON key. (This also automatically downloads the key.)

❗️

Store this JSON in a secure place; the JSON contains the only copy of the keys.

Complete the creation of your key

Adding a GCP Project to DivvyCloud

1. Go to your DivvyCloud account. Navigate to the Clouds main page (under Cloud on the left-side navigation menu). Click on Add Cloud in the upper right.

Add a Cloud

2. Enter Cloud Information:

  • Select 'Google Cloud Platform' in the Select Technology drop-down.
  • Name your cloud account.
  • Provide the Project ID you noted in step 1 of "Adding a GCP Project through the Google Console".
  • Enter the JSON from the credentials you created and saved earlier.
  • Enter an admin Email if you want to manage IAM and the Google Cloud Directory.

GCP Add a Cloud Form

3. Complete the optional validation step for permissions.

📘

Validation

Both AWS and GCP include the ability to optionally validate permissions before adding a new cloud account. To review those steps, visit the instructions provided under Cloud Account Setup.

4. Add any Badges you would like to this particular cloud account. Badges provide a way to assign additional metadata about resources within the DivvyCloud platform. They are key/value pairs that can be used for filtering and identifying resources from the parent cloud account.

5. Select Add Cloud.

6. Confirm the addition of your GCP cloud account.

Note: You should see a notification that indicates you have successfully added a cloud account.

  • DivvyCloud will begin harvesting immediately and the data should start to surface after five minutes or so, depending upon the size of your cloud account.
  • You can also confirm that your cloud account is added by returning to the Clouds main page, selecting the Listing tab and confirming that your newly added cloud account is listed.

Updated 3 months ago

