You need to enable access to the necessary APIs from the API library.
(1) Navigate to the Google Cloud Platform (GCP) console.
(2) Select the organization.
(3) Select a project or create a new project. Ensure that you select the correct project.
(4) In the left sidebar, navigate to APIs and Services > Library.
(5) In the API library, click the following APIs and enable them. If you need help finding the API, use the search field.
- Compute Engine API
- Cloud Resource Manager API
- Kubernetes Engine API
- Cloud SQL Admin API
- BigQuery API
- Cloud Functions API
- Cloud DNS API
- Cloud Key Management Service (KMS) API
- Cloud Logging API
- Stackdriver Monitoring API
- Service Usage API
(1) Login to the GCP console and select a project.
(2) From the left sidebar, navigate to IAM & admin > Service accounts and click CREATE SERVICE ACCOUNT. Provide a name and description (optional) for the service account and click Create.
(3) Choose Viewer role and Security Reviewer role to assign at least reader permissions to the service account and click CONTINUE.
(4) Click CREATE KEY and select JSON as Key type and click Create.
A message saying “Private key saved to your computer” is displayed and the JSON file is downloaded to your computer. Click Close and then click Done.
Upload the configuration (JSON) file to complete GCP connector creation in Qualys Cloud Platform.
You can use an existing service account for setting up connectors for additional projects. Simply, assign the service account as a member in IAM at the organization level or at the project level.
Let us view the steps for the same.
Assign Service Account in IAM at project levelAssign Service Account in IAM at project level
(1) Login to Google Cloud Platform (GCP) console.
(2) From the left navigation bar, select IAM & admin.
(3) Select the project from the drop-down menu in the top-left corner.
(4) In the IAM menu bar, click +ADD.
(5) In the New Members box, type the name of the service account and click the suggested value.
(6) In the Select a role drop-down box, select the appropriate role. Choose Viewer role and Security Reviewer role to assign at least reader permissions to the service account.
(7) Click Save.
(8) To add additional projects, repeat steps 3 through 7.
(1) Login to Google Cloud Platform (GCP) console.
(2) In the left navigation bar, select IAM & admin.
(3) Select your organization from the drop-down menu in the top-left corner.
(4) In the IAM menu bar, click +ADD.
(5) In the New Members box, type the name of the service account and click the suggested value.
(6) In the Select a role drop-down box, select the appropriate role. Choose Viewer role and Security Reviewer role to assign at least reader permissions to the service account.
(7) Click Save.