{"id":48864,"date":"2023-09-25T11:48:01","date_gmt":"2023-09-25T09:48:01","guid":{"rendered":"https:\/\/cyberant.com\/user-settings-for-gcp-security-audits\/"},"modified":"2023-11-09T12:13:29","modified_gmt":"2023-11-09T11:13:29","slug":"user-settings-for-gcp-security-audits","status":"publish","type":"post","link":"https:\/\/cyberant.com\/en\/user-settings-for-gcp-security-audits\/","title":{"rendered":"User settings for GCP security audits"},"content":{"rendered":"\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lmypaoou-b7c5fae614c347d2b8ec66a51ca87e69\">\n#top .av_textblock_section.av-lmypaoou-b7c5fae614c347d2b8ec66a51ca87e69 .avia_textblock{\nfont-size:40px;\n}\n<\/style>\n<section  class='av_textblock_section av-lmypaoou-b7c5fae614c347d2b8ec66a51ca87e69 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h1>User settings for GCP security audits<\/h1>\n<\/div><\/section>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-25hji5-b992aecd1a1206d88f72903381e2f06c\">\n#top .hr.hr-invisible.av-25hji5-b992aecd1a1206d88f72903381e2f06c{\nheight:30px;\n}\n<\/style>\n<div  class='hr av-25hji5-b992aecd1a1206d88f72903381e2f06c hr-invisible  avia-builder-el-1  el_after_av_textblock  el_before_av_textblock '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lmypc8hi-e60c34143ad9734d929d8054d2e46cd4\">\n#top .av_textblock_section.av-lmypc8hi-e60c34143ad9734d929d8054d2e46cd4 .avia_textblock{\nfont-size:16px;\n}\n<\/style>\n<section  class='av_textblock_section av-lmypc8hi-e60c34143ad9734d929d8054d2e46cd4 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>Part of the security audit on Google Cloud Platform 
(GCP) environments takes place automatically. For this we need an API user with the right settings. The user we create has read-only privileges on the settings so we can review them. In this article, we explain how to configure this user.<\/p>\n<h3><img decoding=\"async\" class=\"aligncenter wp-image-48862 size-featured\" src=\"https:\/\/cyberant.com\/wp-content\/uploads\/2023\/09\/Kennisbank-AWS-1500x430.jpg\" alt=\"AWS settings\" width=\"1500\" height=\"430\"><\/h3>\n<h3>Create audit role<\/h3>\n<p>Log in to the Google Cloud console and activate the Cloud Shell. Next, create a file called cyberant-audit-role.yaml.<\/p>\n<p>Give this file the following content:<\/p>\n<pre class=\"notranslate\"><code>name: roles\/CyberAntCSPMSecurityAudit\ntitle: CyberAnt CSPM Security Audit\nincludedPermissions:\n  - cloudasset.assets.listResource\n  - cloudkms.cryptoKeys.list\n  - cloudkms.keyRings.list\n  - cloudsql.instances.list\n  - cloudsql.users.list\n  - compute.autoscalers.list\n  - compute.backendServices.list\n  - compute.disks.list\n  - compute.firewalls.list\n  - compute.healthChecks.list\n  - compute.instanceGroups.list\n  - compute.instances.getIamPolicy\n  - compute.instances.list\n  - compute.networks.list\n  - compute.projects.get\n  - compute.securityPolicies.list\n  - compute.subnetworks.list\n  - compute.targetHttpProxies.list\n  - container.clusters.list\n  - dns.managedZones.list\n  - iam.serviceAccountKeys.list\n  - iam.serviceAccounts.list\n  - logging.logMetrics.list\n  - logging.sinks.list\n  - monitoring.alertPolicies.list\n  - resourcemanager.folders.get\n  - resourcemanager.folders.getIamPolicy\n  - resourcemanager.folders.list\n  - resourcemanager.hierarchyNodes.listTagBindings\n  - resourcemanager.organizations.get\n  - resourcemanager.organizations.getIamPolicy\n  - resourcemanager.projects.get\n  - resourcemanager.projects.getIamPolicy\n  - resourcemanager.projects.list\n  - resourcemanager.resourceTagBindings.list\n  - 
resourcemanager.tagKeys.get\n  - resourcemanager.tagKeys.getIamPolicy\n  - resourcemanager.tagKeys.list\n  - resourcemanager.tagValues.get\n  - resourcemanager.tagValues.getIamPolicy\n  - resourcemanager.tagValues.list\n  - storage.buckets.getIamPolicy\n  - storage.buckets.list\nstage: GA<\/code><\/pre>\n<p>Then run the following command:<\/p>\n<pre class=\"notranslate\"><code>gcloud iam roles create CyberAntCSPMSecurityAudit --organization=YOUR_ORGANIZATION_ID --file=cyberant-audit-role.yaml<\/code><\/pre>\n<h3>Create service account<\/h3>\n<p>Log in to your Google Cloud console and navigate to IAM Admin &gt; Service Accounts.<br \/>\nClick on &#8220;Create Service Account.&#8221;<br \/>\nEnter &#8220;CloudSploit&#8221; in the &#8220;Service account name,&#8221; then enter &#8220;CloudSploit API Access&#8221; in the description.<br \/>\nClick on Continue.<br \/>\nSelect the role: Custom &gt; CyberAnt CSPM Security Audit.<br \/>\nClick on Continue.<br \/>\nClick on &#8220;Create Key.&#8221;<br \/>\nLeave the default JSON selected.<br \/>\nClick on &#8220;Create.&#8221;<br \/>\nThe key will be downloaded to your machine.<br \/>\nOpen the JSON key file in a text editor and copy the Project Id, Client Email and Private Key values into the index.js file, or move the JSON key file to a safe location; you can reference it in your config.js file later.<\/p>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":3,"featured_media":48863,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[216,180],"tags":[307,194,306,280],"class_list":["post-48864","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledge-base","category-product-information","tag-gcp-security-audits-en","tag-pentest-en","tag-security-audit-en","tag-security-audits-en"],"_links":{"self":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts\/48864","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/comments?post=48864"}],"version-history":[{"count":0,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts\/48864\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/media\/48863"}],"wp:attachment":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/media?parent=48864"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/categories?post=48864"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/tags?post=48864"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}