How do you apply permissions to users, groups and service accounts in Google Cloud Platform?
The following procedure provides steps to create a Service Account within Google Cloud Platform (GCP) to use in a Lacework integration.
Do not start with this topic. For instructions on creating the entire integration, see the topics in GCP Terraform or GCP Console.

Recommendations
When integrating at the Organization level, Lacework recommends creating a Project specifically to contain Lacework resources. When integrating at the Project level, you can provision all required resources for Lacework within the Project that is being integrated.

Prerequisites
The account that will be used to create and configure the integration resources must have certain privileges. Those privileges are mentioned in the following articles:
Additionally, the Project where the resources will reside must have billing enabled.

Steps

Create a Service Account
Note: Follow these steps to manually create a Service Account:

(Compliance Only) Create the Lacework Compliance Custom Role
Info: This step is required only when creating a Lacework Compliance integration.

Grant the Required Roles to the Service Account
Grant the required Roles to the Service Account created in the previous section:

Service Account Roles
These are the specific Roles required by the Service Account being used for the integrations, depending on the integration level and type.

Lacework Compliance Role Permissions
In addition to the above GCP roles, Lacework also requires a Custom Role for the Compliance integration. The permissions required are outlined in the following table:
Next Steps

How do I give permission to service account in GCP?
Add the Service Account as a Member to the Project.
Open the IAM page in the GCP console for the XPN project.
Click on Add.
Select the Service Account as the New Member.
Select the Role with the desired permissions.
Click on Save.

How do you grant permissions to a service account?
Granting access to a service account.
Open the link provided by your service provider. ...
Review the roles your provider wants the service account to have.
To choose a project, click Select Project. ...
If you don't want to grant the service account access, click Remove to delete it from the list.
Click Grant.

How do I check my GCP service account permissions?
Using GCP Console
03 Navigate to Cloud Identity and Access Management (IAM) dashboard at https://console.cloud.google.com/iam-admin/iam.
04 In the navigation panel, select IAM.
05 Choose the PERMISSIONS tab, then select View by MEMBERS to list all the member accounts available for the selected GCP project.

Which basic permissions allow you to change access permissions on resources in GCP?
Google Cloud offers Identity and Access Management (IAM), which lets you give more granular access to specific Google Cloud resources and prevents unwanted access to other resources. IAM lets you adopt the security principle of least privilege, so you grant only the necessary access to your resources.
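
The permission check and the least-privilege point above can also be done offline on the JSON that `gcloud projects get-iam-policy PROJECT_ID --format=json` returns. The script below is an added example, not code from the original page, Lacework or Google: it lists the roles bound to one service account and flags the basic roles (Owner, Editor, Viewer). The policy, project, role and account names in it are constructed.

```python
import json

# Basic roles are broad, project-wide grants that work against least privilege.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
# Every project, account and custom-role name here is made up for illustration.
SAMPLE_POLICY = json.loads("""
{
  "version": 3,
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:integration-sa@example-project.iam.gserviceaccount.com",
                 "user:admin@example.com"]},
    {"role": "roles/browser",
     "members": ["serviceAccount:integration-sa@example-project.iam.gserviceaccount.com"]},
    {"role": "projects/example-project/roles/exampleCustomRole",
     "members": ["serviceAccount:integration-sa@example-project.iam.gserviceaccount.com"],
     "condition": {"title": "expires",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/viewer", "members": ["group:auditors@example.com"]}
  ]
}
""")


def roles_for_member(policy, member):
    """Return sorted [(role, condition_title_or_None)] for bindings naming `member`."""
    found = []
    for binding in policy.get("bindings", []):
        if member in binding.get("members", []):
            cond = binding.get("condition")
            found.append((binding["role"], cond.get("title") if cond else None))
    return sorted(found, key=lambda rc: rc[0])


def audit_member(policy, member):
    """Split a member's roles into basic roles, other roles and conditional grants."""
    grants = roles_for_member(policy, member)
    return {
        "basic": [r for r, _ in grants if r in BASIC_ROLES],
        "other": [r for r, _ in grants if r not in BASIC_ROLES],
        "conditional": [r for r, c in grants if c is not None],
    }


if __name__ == "__main__":
    sa = "serviceAccount:integration-sa@example-project.iam.gserviceaccount.com"
    print(json.dumps(audit_member(SAMPLE_POLICY, sa), indent=2))
```

A project policy lists only the bindings set on that project; roles inherited from a folder or the organization do not appear in it and have to be checked at those levels.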