Create a GCP Firewall Service Account
The firewall service account is used by the Multicloud Defense Gateway instances running inside your GCP project. The gateways may need to access the private keys stored in the SecretManager for TLS decryption and access storage to store PCAP files etc. (if configured by the user). Also, the gateways many need log writer permissions to send logs from Multicloud Defense Gateway to the GCP logging instance (if configured by the user).
Use the following procedure to create a controller service account:
Procedure
Step 1 | In your GCP dashboard, open IAM in your GCP project. |
Step 2 | Click Service Accounts. |
Step 3 | Create Service Account. |
Step 4 | Provide a name and ID, such as |
Step 5 | Add Secret Manager Secret Accessor and Logs Writer roles. |
Step 6 | Click Continue. |
Step 7 | Click Done. |