Wizard - Google Cloud

This page is a step-by-step description of the Google Cloud configuration wizard in Prancer. First, the user selects the Google Cloud wizard type and provides a collection name. Then, the user is prompted to provide the required secret data to connect to Google Cloud. Next, the user selects a security mode and clicks on the "Load Projects" button. This loads the projects for which the user provided the details. The user can then select a project and click on the "Finish" button. Prancer will then create the necessary configurations and run the crawler to fetch resources from the cloud. Finally, the policy compliance is run on the fetched resources and the compliance result can be viewed in the "Infra findings" screen and the logs can be viewed in the "Log" screen.

Select Wizard Type


  1. Provide the name of the collection.
  2. Select the Google Cloud wizard type.
  3. Click the Next button to continue.

To connect to Google Cloud, provide the required Google Cloud secret data to load the Google accounts.

Provide Connection Details

  1. Private ID: Google Cloud Private ID
  2. Private Key: Google Cloud Private Key
  3. Service Account Email: Google Cloud Service Account Email
  4. Service Account ID: Google Cloud Service Account ID

These are the roles we recommend granting to the Service Account used for CSPM:

  • Viewer: Grants the ability to view most Google Cloud resources.

  • Security Reviewer: Grants permissions to access any IAM policy.

  • Secret Manager Viewer: Enables viewing metadata of all Secret Manager resources.

  • Editor: Provides permission to modify cloud resources. (Include this role only for auto-remediation purposes.)
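One way to check that a Service Account holds exactly the roles recommended above is shown below. It is an added example, not Prancer's own code. It assumes the policy is the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`, that the role names above map to the predefined role IDs listed in the code, and it uses a constructed account email and policy.

```python
# Predefined role IDs assumed to correspond to the role names recommended above.
READ_ONLY_ROLES = {
    "roles/viewer",                # Viewer
    "roles/iam.securityReviewer",  # Security Reviewer
    "roles/secretmanager.viewer",  # Secret Manager Viewer
}
REMEDIATION_ROLE = "roles/editor"  # Editor: only for auto-remediation


def audit_service_account(policy, sa_email, remediate=False):
    """Compare a service account's project-level roles with the recommended set.

    policy    -- dict parsed from the project IAM policy JSON
    remediate -- True only when auto-remediation is going to be used
    """
    member = "serviceAccount:" + sa_email
    granted = {
        binding["role"]
        for binding in policy.get("bindings", [])
        if member in binding.get("members", [])
    }
    expected = set(READ_ONLY_ROLES)
    if remediate:
        expected.add(REMEDIATION_ROLE)
    return {
        "missing": sorted(expected - granted),  # scans may be incomplete
        "excess": sorted(granted - expected),   # more privilege than needed
    }


# Constructed sample: the account has Editor but lacks Secret Manager Viewer.
SAMPLE_SA = "cspm-scanner@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/viewer",
         "members": ["serviceAccount:" + SAMPLE_SA, "user:alice@example.com"]},
        {"role": "roles/iam.securityReviewer",
         "members": ["serviceAccount:" + SAMPLE_SA]},
        {"role": "roles/editor",
         "members": ["serviceAccount:" + SAMPLE_SA]},
    ]
}

if __name__ == "__main__":
    print("monitor only:", audit_service_account(SAMPLE_POLICY, SAMPLE_SA))
    print("with remediation:",
          audit_service_account(SAMPLE_POLICY, SAMPLE_SA, remediate=True))
```

The check covers only bindings made directly to the Service Account on the project; roles inherited from a folder, the organization, or a group membership are not visible in this output.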

Security Mode

Select the security mode that will be applied to Google Cloud compliance.

  1. Monitor:

    • Loads the cloud resources.
    • Runs the compliance periodically.
    • Generates reports for it.
  2. Monitor and Remediate:

    • Loads the cloud resources.
    • Runs the compliance periodically.
    • Generates reports for it.
    • Provides a remediation option to auto-fix the policy issues on the cloud.

After adding the required details and selecting the security mode, click on the "Load Projects" button.

It will load the Projects for which the user provided the details.


  • The user can select a project and click on the Finish button.
  • It will then do the following:
    • Create the Connector Configuration.
    • Create the Master Snapshot Configuration.
    • Create the Master Compliance Configuration.
    • Run the Crawler to fetch available resources from the cloud.
    • Run the policy compliance on fetched resources.


  • After some time, you can see the compliance result in the Infra findings screen and see the logs in the Log screen.