The Google Cloud integration enables comprehensive visibility and control over all assets within your Google Cloud environment. By automatically discovering and cataloging cloud-hosted resources, this integration provides real-time insights into your infrastructure, helping identify potential vulnerabilities and ensure robust security measures.
Prerequisites
Before beginning the integration process, ensure the following GCP APIs are enabled in your project/organization:
To verify these APIs are enabled:
1. Navigate to the Google Cloud Dashboard
2. Select "APIs & Services" from the navigation menu
3. Review the list of enabled APIs
4. If any required APIs are missing
- Click "ENABLE APIS AND SERVICES"
- Either search for each API individually or browse the "Google Enterprise APIs"
- Enable each required API
Integration Steps
1. Create a Service Account
1. In your GCP console, navigate to "IAM & Admin" > "Service Accounts"
2. Click "CREATE SERVICE ACCOUNT"
3. Enter the following details:
- Service account name
- Service account ID - The service account email address will be automatically generated and displayed (indicated by the arrow)
- Description (optional)
Note: Chariot does not have specific requirements for these fields.
4. Click "Done" (Access permissions will be configured in the next step)
2. Configure Access Permissions
1. Select the "IAM" tab
2. Choose the resources you want the Chariot Service Account to access
- Click the resource selector at the top of the page
- Select the appropriate resource from the dropdown
3. Click "Grant Access"
4. Enter the service account email address created in the previous step
5. Assign the "Viewer" role to the service account and click "Save"
3. Generate Service Account Key
After setting up the appropriate roles and permissions, follow these steps to generate and configure your service account key:
1. Return to your service account page
2. Click the "KEYS" tab in the service account details
3. Click "ADD KEY" and select "Create new key" from the dropdown menu
4. In the key creation dialog:
- Select "JSON" as the key type
- Click "CREATE" to generate and download the key file
5. Complete the Integration in Chariot:
- Navigate to the GCP integration section in Chariot
- Enter your Project ID (the name of the project or organization where you created the service account)
- Upload the JSON key file you just downloaded [screenshot shows Chariot integration form]
- Click "Connect" to finalize the integration
Once connected, Chariot will begin regularly ingesting assets from your GCP environment for risk detection.
We hope this document was helpful! If you find a topic that you would like discussed in detail, or need further assistance, please let us know at support@praetorian.com!