InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.


Projects (GCP)

Overview

This page walks through the steps required to add a single GCP account, also known as a project, into DivvyCloud. To read more about Google Cloud Projects, check out their information here.

We also support adding multiple GCP projects (aka organizations) to DivvyCloud. Review the details of that setup on the Organizations (GCP) page.

Otherwise, refer to the steps below to get set up.

Prerequisites

Before you get started you will want to make sure you have the following:

  • A functioning DivvyCloud Installation with the appropriate admin permissions
  • The appropriate permissions to access the resources you will need from Google

If you have questions or concerns, reach out to us at [email protected]

Adding a GCP Project through the Google Console

1. To access the API Manager, log in to the GCP console. Verify that you have selected the organization and the project you wish to add to DivvyCloud.

🚧

Project ID

Note the Project ID; you will need this when adding the cloud account to DivvyCloud.

Google Project ID

2. To access the APIs & Services dashboard, select "APIs & Services" from the left navigation and click "Dashboard".

API & Services Dashboard

3. Enable APIs — Once you have selected Dashboard, you will see a list of APIs that are currently enabled.

Currently enabled APIs

  • We recommend that you enable the following APIs in order to gain visibility and access to those GCP services.

Recommended APIs for GCP

  • Cloud Asset API
  • Cloud Logging API
  • Cloud SQL
  • Cloud SQL Admin API
  • Cloud Storage
  • Compute Engine API
  • Compute Engine Instance Group Manager API
  • Compute Engine Instance Group Updater API
  • Compute Engine Instance Groups API
  • Container Analysis API
  • Google Cloud Deployment Manager V2 API
  • Google+ API
  • Identity Toolkit API
  • Kubernetes Engine API
  • Notebooks API
  • Service Usage API (required to manage other GCP APIs through DivvyCloud)

Click to view a list of GCP Supported Services

If you do not have all of the recommended APIs enabled, select "Enable APIs and Services". Otherwise, skip to "Creating Credentials."

Enable APIs and Services

4. In the Google API Library, enter the name of the missing API in the search box and select it from the results. (The example below shows just one match; multiple API matches may be shown in card format.)

5. You will see a description of the API. Once you have reviewed the information, select "Enable." Repeat the process until you have added all of the missing APIs.

6. Once you have verified your enabled APIs, you will need to create an additional custom role to ensure appropriate access. Go to "Roles --> Create Role --> Add Permissions".

  • Search for storage, select "Storage Legacy Bucket Owner" and "Storage Legacy Bucket Reader".
  • Select and add the following two permissions:
    • storage.buckets.get
    • storage.buckets.getIamPolicy

Save this new role and give it a name (e.g. DivvyCloudStorage) and ID.

Add Custom Role

7. Click on "Credentials" in the navigation menu (from the APIs & Services Dashboard).

Create credentials

8. Click on the "Create credentials" button and select "Service account" from the drop-down menu.
Note: this navigates to the IAM & Admin section of the Google Cloud Platform Dashboard.

Service account details

9. Complete the "Service account details" as follows, then click "Create" when you're finished.

  • Service account name - the name you want to provide for the service account
  • ID - the service account ID
  • Service account description - a description of the account's purpose

10. Under Service Account permissions click on "Select a role".

  • Select either "Project --> Viewer" to give DivvyCloud the scope to view all cloud resources, or select "Project --> Editor" to allow DivvyCloud to view and act upon all cloud resources.
  • Select the custom role you created in Step #6 (e.g. DivvyCloudStorage)
  • Add any conditions (optional), if desired.

Service account permissions

11. Click Continue to save your role selection.
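To confirm what step 10 actually granted, the following check reads the project's IAM policy as JSON (for example, the output of `gcloud projects get-iam-policy PROJECT_ID --format=json`) and reports the roles bound to the service account. It is an added example, not InsightCloudSec or Rapid7 code; the project ID, service account email and sample policy are constructed, and `review_bindings` is a hypothetical helper name.

```python
import json

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:divvycloud@example-project-123.iam.gserviceaccount.com",
                 "user:admin@example.com"]},
    {"role": "projects/example-project-123/roles/DivvyCloudStorage",
     "members": ["serviceAccount:divvycloud@example-project-123.iam.gserviceaccount.com"]},
    {"role": "roles/owner", "members": ["user:admin@example.com"]}
  ],
  "etag": "CONSTRUCTED",
  "version": 1
}
""")

# The two basic roles step 10 offers, with the access each gives the platform.
BASE_ROLES = {"roles/viewer": "view only", "roles/editor": "view and act"}


def review_bindings(policy, sa_email, project_id, custom_role_id="DivvyCloudStorage"):
    """Return (roles, findings) for one service account in a project IAM policy."""
    member = f"serviceAccount:{sa_email}"
    custom = f"projects/{project_id}/roles/{custom_role_id}"
    roles = sorted(b["role"] for b in policy.get("bindings", [])
                   if member in b.get("members", []))
    findings = []
    base = [r for r in roles if r in BASE_ROLES]
    if not base:
        findings.append("neither Project Viewer nor Project Editor is bound")
    if "roles/editor" in base:
        findings.append("roles/editor lets the platform act on resources; "
                        "roles/viewer is enough for view-only use")
    if custom not in roles:
        findings.append(f"custom role {custom} is not bound")
    for role in roles:
        if role not in BASE_ROLES and role != custom:
            findings.append(f"role outside the documented set: {role}")
    return roles, findings


if __name__ == "__main__":
    sa = "divvycloud@example-project-123.iam.gserviceaccount.com"
    for line in review_bindings(SAMPLE_POLICY, sa, "example-project-123")[1]:
        print(line)
```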

12. To finish the process to "Create Service Account", click "Create Key".

  • Select JSON as your key type. (This allows DivvyCloud to call APIs programmatically.)
  • If you want to configure the "Grant users access to this service account" (optional) setting, consult with your local administrator to confirm details, or reach out to [email protected] with questions.

13. Click "Done" to complete this process and confirm that your Service Account Key has been created. You should see a confirmation message with the name of your JSON key. (This also automatically downloads the key.)

❗️

Store this JSON in a secure place; the JSON contains the only copy of the keys.

Complete the creation of your key

Adding a GCP Project to DivvyCloud

1. Go to your DivvyCloud account. Navigate to the Clouds main page (under Cloud on the left-side navigation menu). Click on Add Cloud in the upper right.

Add a Cloud

2. Enter Cloud Information:

  • Select 'Google Cloud Platform' in the Select Technology drop-down.
  • Name your cloud account.
  • Provide the Project ID you noted in Step 1 of "Adding a GCP Project through the Google Console".
  • Enter the JSON from the credentials you created and saved earlier.
  • Enter an admin Email if you want to manage IAM and the Google Cloud Directory.

GCP Add a Cloud Form

3. Complete the optional validation step for permissions.

📘

Validation

Both AWS and GCP include the ability to optionally validate permissions before adding a new cloud account. To review those steps, visit the instructions provided under Cloud Account Setup.

4. Add any Badges you would like to this particular cloud account. Badges provide a way to assign additional metadata about resources within the DivvyCloud platform. They are key/value pairs which can be used for filtering and identifying resources from the parent cloud account.

5. Select Add Cloud.

6. Confirm the addition of your GCP cloud account.

Note: You should see a notification that indicates you have successfully added a cloud account.

  • DivvyCloud will begin harvesting immediately and the data should start to surface after five minutes or so, depending upon the size of your cloud account.
  • You can also confirm that your cloud account is added by returning to the Clouds main page, selecting the Listing tab and confirming that your newly added cloud account is listed.
