GCP Integration (via Access Management)
Sprinto connects to GCP through a service account. To connect Sprinto to GCP, you will need to create a service account with specific access to audit all your GCP resources. This article provides a step-by-step guide to creating the service account for GCP.
Before proceeding, please ensure that you have enough privileges to create service accounts in GCP.
Setting up the Integration:
Step 1: Log in to your GCP account console and go to IAM & Admin > Service Accounts.
Step 2: Select a project that supports your production environment on the resulting page. You can do this toward the top left of your screen.

Step 3: On the resulting page, click on "+ Create a service account".

Step 4: On the form that comes up, enter the following information and then click "Create".
Service Account Name: sprinto-service-account.
Service Account ID: This should get auto-generated.
Service Account Description (Optional): "Sprinto uses this to monitor production GCP resources".
Step 5: In the next step titled "Grant this service account access to the project", look for a role titled "Security Reviewer" and click on "Continue".

Note: As shown in the image below, the next step is optional. Click on "Done" once you have entered the information as you deem necessary.

Step 6: On the next screen, you should see the newly created service account (along with others, if any). Select the sprinto-service-account and click the triple-dots under "Actions" (as indicated in the image below).

Step 7: Select "Manage keys" as shown in the image below.

Step 8: Select "Create new key" as shown below.

Step 9: Choose JSON as the key type, click on "CREATE", and download the key.

If you have multiple GCP projects in your production environment, do the following steps for each project:
1. Select the service account we just created and copy its email address.
2. Choose a production project (on the top left), and navigate to "IAM & Admin > IAM".
3. Click on "Add".
4. In the input titled "New Member", enter the email address you just copied.
5. Select the role titled "Security Reviewer", and click on "Save".
Step 10: Keep a list of all your production project IDs handy. We will need it for the next steps.

Step 11: For each of your production projects, go to APIs, and ensure that the following APIs are enabled (image below). Unfortunately, there is no way to do this in bulk. If there are Google services that you do not use in a project, feel free to ignore the corresponding API.

Here is the link to the API dashboard: https://console.cloud.google.com/apis/dashboard
Step 12: Once you have completed the above steps, you are ready to connect Sprinto to GCP. Click on "Connect GCP account" after confirming the following:
You have the sprinto-service-account JSON key
You have added the sprinto-service-account to all production projects
You have a list of all your production project IDs
You have enabled the necessary APIs on all your production projects
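
The first two items of this checklist can be checked offline before uploading anything. The following is an added example, not Sprinto's or Google's code: it validates the downloaded key file and confirms that the service account holds Security Reviewer (role ID `roles/iam.securityReviewer`) and nothing broader in each production project. It assumes each project's IAM policy was exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`; the function names, project IDs and sample data are constructed for illustration.

```python
import json

SECURITY_REVIEWER = "roles/iam.securityReviewer"  # role ID of "Security Reviewer"

def member_from_key(key: dict) -> str:
    """Validate a downloaded key file and return its IAM member string."""
    if key.get("type") != "service_account":
        raise ValueError("not a service account key file")
    for field in ("client_email", "private_key", "private_key_id", "project_id"):
        if not key.get(field):
            raise ValueError(f"key file is missing {field!r}")
    return "serviceAccount:" + key["client_email"]

def audit_projects(member: str, policies: dict) -> dict:
    """Map each project ID to 'ok', 'missing', or a list of extra roles held."""
    report = {}
    for project_id, policy in policies.items():
        roles = {b["role"] for b in policy.get("bindings", [])
                 if member in b.get("members", [])}
        extra = sorted(roles - {SECURITY_REVIEWER})
        if SECURITY_REVIEWER not in roles:
            report[project_id] = "missing"   # account was never added here
        else:
            report[project_id] = extra or "ok"  # extra roles exceed least privilege
    return report

# Constructed sample data: placeholder project IDs and no real key material.
SA = "sprinto-service-account@example-prod-a.iam.gserviceaccount.com"
SAMPLE_KEY = {"type": "service_account", "project_id": "example-prod-a",
              "private_key_id": "0000", "private_key": "CONSTRUCTED-PLACEHOLDER",
              "client_email": SA}
SAMPLE_POLICIES = {
    "example-prod-a": {"bindings": [
        {"role": SECURITY_REVIEWER, "members": ["serviceAccount:" + SA]}]},
    "example-prod-b": {"bindings": [
        {"role": SECURITY_REVIEWER, "members": ["serviceAccount:" + SA]},
        {"role": "roles/editor", "members": ["serviceAccount:" + SA]}]},
    "example-prod-c": {"bindings": [
        {"role": "roles/viewer", "members": ["user:alice@example.com"]}]},
}

if __name__ == "__main__":
    member = member_from_key(SAMPLE_KEY)
    print(json.dumps(audit_projects(member, SAMPLE_POLICIES), indent=2))
```

A project reported as `missing` still needs the "Add" steps above; a list of role IDs means the account holds more than the read-only role this guide asks for.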

Step 13: Upload the JSON file, and enter all the project IDs in the pop-up that follows. Finally, click on "Connect GCP".

Step 14: Go to "Infrastructure" under "Security Hub". On the overview page, you will see that GCP is connected.
Step 15: Click on "Add Now" next to GCP, select the accounts you would like to sync with Sprinto, and click on "Add selected accounts" to complete the integration.

Congratulations! Sprinto is now connected to your GCP resources, and within the next 24 hours, you'll start receiving data and insights on the Sprinto platform. If you have any questions or concerns during the integration process, don't hesitate to reach out to your CSM for help. You may also contact Sprinto Support.