To integrate ArmourZero's Cloud Infrastructure scan with your Google Cloud Platform (GCP) project, you need to prepare a SecurityAudit user credential.
Integration guide
1. Go to "Infra" under the VULNERABILITY SCANNERS section and click the "Add Cloud Account" button.
2. Click on "Google Cloud Platform (GCP)". Under the Create Account menu, provide the SecurityAudit user credential and click "Integrate" when done.
How to create the GCP Security Audit user credential
1. Log in to your Google Cloud Console (https://console.cloud.google.com).
2. Select the Google Cloud Project you wish to scan or create a new one.
3. Copy your "Project ID" from the Google Cloud Console.
4. Navigate to "IAM & Admin" -> "Service Accounts".
5. Click "Create Service Account", enter a name (e.g. az-security-audit), and click "Create and Continue".
6. Assign the necessary roles:
- Viewer (Recommended) - provides full READ access across the project, allowing the scanner to fully utilise its capabilities.
- Custom Resource Access (Optional) - you can assign only specific resource view permissions (e.g. Compute Viewer, IAM Security Reviewer, Storage Object Viewer) according to your comfort level. Note: limiting access will reduce scan coverage and some findings may not be detected.
7. Click "Done", then select the newly created service account from the list.
8. Navigate to the "Keys" tab and click "Add Key" -> "Create New Key".
9. Select "JSON", then click "Create" to download the key file.
10. Important: Store the JSON key file securely. You will need to upload this file to ArmourZero to authenticate your scan.
11. Enter the "Project ID" and upload the JSON Key File in the ArmourZero platform to complete the integration.
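A pre-upload check for steps 6, 10 and 11, given here as an added example and not as ArmourZero or Google code: it verifies that the downloaded key file is a service account key for the Project ID you will enter, that the file is not readable by other local users, and that the scanner account holds no roles beyond the read-only ones named above. The sample project, e-mail address and policy are constructed, the mapping from role display names to role IDs is an assumption, and the policy dictionary is assumed to have the shape printed by `gcloud projects get-iam-policy <PROJECT_ID> --format=json`.

```python
import json
import os
import stat

# Role IDs for the read-only roles this guide names (ID mapping is an assumption).
READ_ONLY_ROLES = {
    "roles/viewer", "roles/compute.viewer",
    "roles/iam.securityReviewer", "roles/storage.objectViewer",
}

# Constructed sample data; the private key is a placeholder, not a real key.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project-123",
    "client_email": "az-security-audit@example-project-123.iam.gserviceaccount.com",
    "private_key": "CONSTRUCTED-PLACEHOLDER",
}
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/viewer", "members": ["serviceAccount:" + SAMPLE_KEY["client_email"]]},
    {"role": "roles/editor", "members": ["serviceAccount:" + SAMPLE_KEY["client_email"]]},
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
]}

def check_key_file(path, project_id):
    """Return a list of problems with a downloaded JSON key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"file mode {mode:o} lets group/others read the key; use 600")
    with open(path) as fh:
        key = json.load(fh)
    if key.get("type") != "service_account":
        problems.append("file is not a service account key")
    if key.get("project_id") != project_id:
        problems.append("project_id in the key differs from the Project ID entered")
    return problems

def excess_roles(policy, sa_email):
    """Roles bound to the scanner account beyond READ_ONLY_ROLES."""
    member = "serviceAccount:" + sa_email
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []) and b["role"] not in READ_ONLY_ROLES)

if __name__ == "__main__":
    # With the constructed policy, the scanner account also holds an editor role.
    print(excess_roles(SAMPLE_POLICY, SAMPLE_KEY["client_email"]))
```

An empty list from both functions means the key matches the project, is stored with owner-only permissions, and the account is limited to read-only roles.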