Create a Multicloud Defense Firewall Service Account Using the GCP Cloud Console

The Multicloud Defense firewall service account is used by the Multicloud Defense Gateway instances running inside your GCP project. The Gateways may need to access the private keys stored in Secret Manager for TLS decryption, and to access storage to store PCAP files, etc. (if configured by the user). The Gateways may also need Log Writer permissions to send logs from the Multicloud Defense Gateway to the GCP logging instance (if configured by the user).

Below are two (2) methods of creating this service account.

Procedure


Step 1

Open IAM in your GCP project.

Step 2

Click Service Accounts.

Step 3

Click Create Service Account.

Step 4

Provide a name and ID (e.g., multicloud defense-firewall) and click Create.

Step 5

Add the Secret Manager Secret Accessor and Logs Writer roles.

Step 6

Click Continue.

Step 7

Click Done.

Note

There is no requirement to add any users.
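
To confirm the account ended up with only the roles from Step 5, the project IAM policy (for example, the JSON printed by gcloud projects get-iam-policy PROJECT_ID --format=json) can be checked offline. The script below is an added example, not part of the original procedure or of Multicloud Defense; the project, service account email and sample policy are constructed, and the function name is hypothetical.

```python
import json

# Role IDs behind the two role names in Step 5.
EXPECTED_ROLES = {
    "roles/secretmanager.secretAccessor",  # Secret Manager Secret Accessor
    "roles/logging.logWriter",             # Logs Writer
}

def audit_service_account(policy, sa_email):
    """Compare the project-level roles bound to sa_email with EXPECTED_ROLES."""
    member = "serviceAccount:" + sa_email
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        granted.add(binding["role"])
        # A conditional binding only applies when its expression matches, so
        # the gateway may still be denied; report it for manual review.
        if "condition" in binding:
            conditional.add(binding["role"])
    return {
        "missing": sorted(EXPECTED_ROLES - granted),
        # Anything beyond Step 5 (e.g. a storage role added for PCAP upload,
        # or a broad basic role) is listed here so it can be justified.
        "extra": sorted(granted - EXPECTED_ROLES),
        "conditional": sorted(conditional),
    }

# Constructed sample input: names and values are placeholders, not real data.
SAMPLE_SA = "multicloud-defense-firewall@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {
    "version": 3,
    "bindings": [
        {"role": "roles/editor",
         "members": ["serviceAccount:" + SAMPLE_SA]},
        {"role": "roles/secretmanager.secretAccessor",
         "members": ["serviceAccount:" + SAMPLE_SA],
         "condition": {
             "title": "mcd-secrets-only",
             "expression": "resource.name.startsWith("
                           "'projects/000000000000/secrets/mcd-')"}},
        {"role": "roles/logging.logWriter",
         "members": ["user:admin@example.com"]},
    ],
}

if __name__ == "__main__":
    print(json.dumps(audit_service_account(SAMPLE_POLICY, SAMPLE_SA), indent=2))
```

The check covers project-level bindings only; roles granted on an individual secret or bucket do not appear in the project policy.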