Connect Google Cloud Platform Account

Use the following procedure to onboard a single GCP project as an account with the Multicloud Defense Controller's easy setup wizard:

Before you begin

  • You must have an active Google Cloud Platform (GCP) project.

  • You must have the necessary permissions to create VPCs, subnets, and a service account within your GCP project. See GCP documentation for more information.

  • You must have an Admin or Super Admin user role in your Security Cloud Control tenant.

  • You must have Multicloud Defense enabled for your Security Cloud Control tenant.

Procedure


Step 1

From the Multicloud Defense Controller dashboard, click Setup located to the left of the window.

Step 2

Select Connect Account.

Step 3

Select the GCP icon.

Step 4

Click the Cloud Platform Cloud Shell to launch the Cloud Shell. Alternatively, log into your GCP account and launch the Cloud Shell from the project you want to connect to Multicloud Defense; note that the script automatically modifies the project name to the name of the project you launch the Cloud Shell from.

  1. Copy the command generated in the Multicloud Defense Controller easy setup modal and paste the command into the Cloud Shell. Execute it to initiate the onboarding process. This script automatically creates user accounts for the Multicloud Defense Controller to communicate directly with your GCP project.

  2. If you have multiple GCP projects, you are prompted to select the project via a numbered list. Select the value for the project you want to connect and submit.

  3. When prompted with Continue configuring this project? [y/n], type only "y" or "n". Do not press Enter to submit your selection.

Note that if the GCP project you are connecting to Multicloud Defense has been previously onboarded, you may get an error about the GCP cloud storage bucket already existing. If that is not acceptable, create a new storage bucket in your GCP account to handle the flow logs on this project after it is connected to Multicloud Defense.

Step 5

Enter the following information in the setup modal:

  1. Enter the GCP Account Name. This name is displayed only in Multicloud Defense.

  2. (Optional) Enter a Description.

  3. Enter the Project ID for the GCP project. This can be found at the top of the private key generated by the script from step 1.

  4. Enter the Client Email for the service account created as part of the onboarding process. This is included in the private key generated by the script from step 1.

  5. Copy and paste the Private key of the service account from the script output.
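The following check is an added example, not part of the original procedure or of the onboarding script. It reads the three values requested above from the key before you paste them and confirms that they belong together, without echoing the private key. It assumes the script output is a standard GCP service account key in JSON form; the function name setup_fields and all sample values are constructed for illustration.

```python
import json
import sys

REQUIRED = ("project_id", "client_email", "private_key")
PEM_BEGIN = "-----BEGIN PRIVATE KEY-----"
PEM_END = "-----END PRIVATE KEY-----"

# Constructed sample in the standard key-file layout; the key body is a dummy.
SAMPLE = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000placeholder",
    "private_key": f"{PEM_BEGIN}\nCONSTRUCTED+NOT+A+REAL+KEY\n{PEM_END}\n",
    "client_email": "example-controller@example-project.iam.gserviceaccount.com",
}, indent=2)


def setup_fields(key_json):
    """Validate a key file and return the values Step 5 asks for."""
    try:
        key = json.loads(key_json)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON, possibly a truncated copy: {exc.msg}") from None
    if not isinstance(key, dict) or key.get("type") != "service_account":
        raise ValueError("not a service account key file")
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    # Assumption: the project ID has no domain prefix, so the account email
    # ends in @<project_id>.iam.gserviceaccount.com.
    if not key["client_email"].endswith(f"@{key['project_id']}.iam.gserviceaccount.com"):
        raise ValueError("client_email does not belong to project_id")
    pem = key["private_key"].strip()
    if not (pem.startswith(PEM_BEGIN) and pem.endswith(PEM_END)):
        raise ValueError("private_key is not a complete PEM block")
    # Report only the line count so the key never reaches the terminal or logs.
    return {"project_id": key["project_id"],
            "client_email": key["client_email"],
            "private_key_lines": len(pem.splitlines())}


if __name__ == "__main__":
    # Pass the path of the saved key file, or run without arguments for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(setup_fields(text))
```

A ValueError here usually means the key was truncated while copying from the Cloud Shell, or that it was generated in a different project than the one being onboarded.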

Step 6

Click Next.


What to do next

GCP does not automatically include the regions your project is configured for. After your project is connected to Multicloud Defense, we strongly recommend going to Inventory > Inventory to manually modify and add any and all appropriate regions.

Once you've connected the account, Multicloud Defense Controller automatically starts to discover assets and inventory associated with the cloud service provider account. Note that this is different from discovering traffic. Because Multicloud Defense Controller discovers account assets and inventory by default, the next step in this wizard is to Enable traffic visibility.