When connecting your Google Projects to Aqua CSPM, use the following Custom Role and assign it to your connected Service Account.


Follow these steps to create the GCP Security Audit Role:



Step 1: Retrieve the Aqua CSPM Security Audit Role Template

  • Open Google Cloud Shell
  • Enter the following command to load the Template


    curl https://aqua-cspm-resources.s3.amazonaws.com/google/security-audit-role.yaml -o security-audit-role.yaml


Step 2: Create the Role in your Organization

  • Run the following command, replacing YOUR_ORGANIZATION_ID with your Organization ID


    gcloud iam roles create AquaCSPMSecurityAudit --organization=YOUR_ORGANIZATION_ID --file=security-audit-role.yaml


Step 3: Verify Role Creation

  • Visit the IAM Console > Roles
  • Select your Organization
  • Verify that your role was created as expected
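
Added example (not part of the Aqua documentation): a Cloud Shell check to run between Step 1 and Step 2 that lists any permission in a role template whose verb is not a get or list, so it can be reviewed before the role is created. The function names, the get/list rule, and the embedded sample template are assumptions made for this example; the sample is constructed and does not reproduce the vendor file.

```shell
#!/usr/bin/env bash
# Review a custom-role template before passing it to
# `gcloud iam roles create --file=...`.

# Print each entry listed under includedPermissions: in a role YAML file.
list_permissions() {
  awk '
    /^includedPermissions:/ { in_list = 1; next }
    in_list && /^[^ \t#-]/  { in_list = 0 }   # next top-level key ends the list
    in_list && /^[ \t]*-/ {
      sub(/^[ \t]*-[ \t]*/, ""); sub(/#.*$/, ""); sub(/[ \t]+$/, "")
      if ($0 != "") print
    }' "$1" | tr -d "\"'"
}

# Print permissions whose verb (last dot-separated field) does not start with
# get or list. Treating only those verbs as read-only is an assumption of this
# example; anything printed needs a manual look.
permissions_to_review() {
  list_permissions "$1" | awk -F'[.]' '$NF !~ /^(get|list)/'
}

# Constructed sample template, NOT the contents of the vendor file.
write_sample_template() {
  cat > "$1" <<'EOF'
title: Constructed Sample Audit Role
description: Constructed sample for this example
includedPermissions:
- compute.instances.list
- storage.buckets.getIamPolicy
- iam.serviceAccounts.list
- storage.buckets.setIamPolicy   # write access, should be flagged
- compute.instances.delete
stage: GA
EOF
}

sample="$(mktemp)"
write_sample_template "$sample"
echo "Permissions to review before creating the role:"
permissions_to_review "$sample"
rm -f "$sample"
```

To check the real template, call permissions_to_review security-audit-role.yaml after Step 1. After Step 2, gcloud iam roles describe AquaCSPMSecurityAudit --organization=YOUR_ORGANIZATION_ID prints the permissions the created role actually holds.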