TABLE OF CONTENTS

GCP Account Connection Overview

Before Aqua CSPM can produce any security scan results, you must connect a cloud account. For Google Cloud, this is done through the use of a Service Account. A Service Account is an entity that can be assumed by a third party and secured to only access resources in a project. 


Drag and Drop (Recommended)

Step 1: Navigate to the Cloud Accounts page.

  • Click Connect Account on the top right.

Step 2: Choose "Google Cloud Platform (GCP)" under Account Type and "Drag and Drop (Recommended)" under Method.

Step 3: Use the following steps to create a Service Account and attach a role.

  1. Log into your Google Cloud console and navigate to IAM Admin > Service Accounts.
  2. Click Create Service Account.
  3. Enter "Aqua" in the Service account name, enter "Aqua API Access" in the Service account description, and click Create.
  4. Select the role: Project > Viewer and click Continue.
  5. Click Done.
  6. Select the newly created Service Account.
  7. Select ADD KEY > Create new key.
  8. Select JSON > Create.
  9. Save the provided JSON file (Credentials).

Step 4: Drag and drop the newly created JSON file in the Aqua connection wizard.



Manual Setup

Step 1: Follow the Drag and Drop Instructions without dragging and dropping the JSON file.

Step 2: Open the JSON file and copy and paste the Project ID, Client Email, and Private Key.