TABLE OF CONTENTS
GCP Account Connection Overview
Before Aqua Wave CSPM can produce any security scan results, you must connect a cloud account. For Google Cloud, this is done through the use of a Service Account. A Service Account is an entity that can be assumed by a third-party and secured to only access resources in a project.
Drag and Drop (Recommended)
Step 1: Navigate to the "Cloud Accounts" page
- Click on Connect Account on the top right
Step 2: Choose Google Cloud Platform (GCP) under "Account Type" and Drag and Drop (Recommended) under "Method"
Step 3: Enable the APIs and Services used for scanning
- Enter the APIs & Services category.
- Select ENABLE APIS AND SERVICES.
- Search for and enable the following APIs:
- Cloud DNS API
- Stackdriver Monitoring API
- Stackdriver API
- Compute Engine API
- Cloud SQL Admin API
- Kubernetes Engine API
- Service Management API
- Service Networking API
Step 4: Use the following steps to create a Service Account and attach a role
- Log into your Google Cloud console and navigate to IAM Admin > Service Accounts.
- Click Create Service Account.
- Enter "Aqua" in the "Service account name", then enter "Aqua API Access" in the description then click Create.
- Select the role: Project > Viewer and click Continue.
- Click Done.
- Select the newly created Service Account.
- Select ADD KEY > Create new key.
- Select JSON > Create.
- Drag and drop the newly created JSON file in the Aqua connection wizard.