GCP Account Connection Overview

Before Aqua Wave CSPM can produce any security scan results, you must connect a cloud account. For Google Cloud, this is done with a Service Account: an identity that a third party can assume and that is restricted to accessing only the resources in a project.

Drag and Drop (Recommended)

Step 1: Navigate to the "Cloud Accounts" page

  • Click on Connect Account on the top right

Step 2: Choose Google Cloud Platform (GCP) under "Account Type" and Drag and Drop (Recommended) under "Method"

Step 3: Enable the APIs and Services used for scanning

  1. Enter the APIs & Services category.
  3. Search for and enable the following APIs: 
    1. Cloud DNS API
    2. Stackdriver Monitoring API
    3. Stackdriver API
    4. Compute Engine API
    5. Cloud SQL Admin API
    6. Kubernetes Engine API
    7. Service Management API
    8. Service Networking API

Step 4: Use the following steps to create a Service Account and attach a role

  1. Log into your Google Cloud console and navigate to IAM Admin > Service Accounts.
  2. Click Create Service Account.
  3. Enter "Aqua" as the "Service account name" and "Aqua API Access" as the description, then click Create.
  4. Select the role: Project > Viewer and click Continue.
  5. Click Done.
  6. Select the newly created Service Account.
  7. Select ADD KEY > Create new key.
  8. Select JSON > Create.
  9. Drag and drop the newly created JSON file in the Aqua connection wizard.

Manual Setup

Step 1: Follow the Drag and Drop instructions above, but skip the final step of dragging and dropping the JSON file

Step 2: Open the JSON file, then copy and paste the Project ID, Client Email and Private Key into the Aqua connection wizard
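
For the manual copy in Step 2, the following added example (not part of Aqua's documentation or tooling) reads a service account key file's text, pulls out the three values and flags common copy problems such as a truncated private key or a key from a different project. It assumes the standard Google key file JSON keys `type`, `project_id`, `client_email` and `private_key` and a non domain-scoped project ID; the function name and the sample values are constructed for illustration.

```python
import json

# JSON keys holding the Project ID, Client Email and Private Key.
REQUIRED = ("project_id", "client_email", "private_key")
EMAIL_SUFFIX = ".iam.gserviceaccount.com"
PEM_BEGIN, PEM_END = "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----"


def extract_connection_fields(key_json: str):
    """Return (fields, problems) for the text of a service account key file."""
    try:
        data = json.loads(key_json)
    except json.JSONDecodeError as exc:
        return {}, [f"not valid JSON: {exc.msg}"]
    if not isinstance(data, dict) or data.get("type") != "service_account":
        return {}, ["not a service account key ('type' must be 'service_account')"]
    fields, problems = {}, []
    for name in REQUIRED:
        value = data.get(name)
        if isinstance(value, str) and value.strip():
            fields[name] = value
        else:
            problems.append(f"missing or empty '{name}'")
    email, project = fields.get("client_email", ""), fields.get("project_id", "")
    if email and not email.endswith(EMAIL_SUFFIX):
        problems.append("client_email is not a user-managed service account address")
    elif email and project:
        # Assumption: standard project ID, so the e-mail domain starts with it.
        domain = email.split("@", 1)[-1][: -len(EMAIL_SUFFIX)]
        if domain != project:
            problems.append("client_email belongs to a different project than project_id")
    key = fields.get("private_key", "").strip()
    if key and not (key.startswith(PEM_BEGIN) and key.endswith(PEM_END)):
        problems.append("private_key is not a complete PEM block")
    return fields, problems


# Constructed sample: same shape as a downloaded key, placeholder values only.
SAMPLE = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "client_email": "aqua-example@example-project.iam.gserviceaccount.com",
    "private_key": PEM_BEGIN + "\nPLACEHOLDER\n" + PEM_END + "\n",
})

if __name__ == "__main__":
    fields, problems = extract_connection_fields(SAMPLE)
    print(fields.get("project_id"), fields.get("client_email"), problems or "no problems")
```

The demo prints only the Project ID and Client Email; the private key stays in the returned dictionary and is never echoed.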