Create Service Account and Download Configuration File

You need to enable access to the necessary APIs from the API library.

Enable Access to APIs in API library

  1. Navigate to the Google Cloud Platform (GCP) console.
  2. Select the organization.
  3. To onboard all the projects, navigate to APIs and Services > Library.
  4. Select a project or create a new project. Ensure that you have selected the correct project.
  5. In the API library, click the following APIs and enable them. If you need help finding the API, use the search field.
    • Compute Engine API (Mandatory)
    • Cloud Resource Manager API (Mandatory)
    • Kubernetes Engine API
    • Cloud SQL Admin API
    • BigQuery API
    • Cloud Functions API
    • Cloud DNS API
    • Cloud Key Management Service (KMS) API
    • Cloud Logging API
    • Stackdriver Monitoring API
    • Identity and Access Management (IAM) API
    • Cloud Pub/Sub API
    • Service Usage API
    • Cloud Dataproc API
    • API Keys API

Create Service Account and Download Configuration File

  1. Log in to the GCP console and select an Organization.
  2. Select a project or create a new project. Ensure you have selected the correct project.
  3. From the left sidebar, navigate to IAM & admin > Service accounts and click CREATE SERVICE ACCOUNT.
  4. Provide a service account ID, name (optional), and description (optional) for the service account, and click CREATE.
  5. Next, navigate to IAM & Services > IAM and click ADD.
  6. Enter your service account in New Principal.
  7. Add the following roles in the Role field and click SAVE.
    • Resource Manager -> Organization Viewer
    • Resource Manager -> Folder Viewer
    • Security Reviewer
  8. Select the newly created service account.
  9. Click Actions > Manage Keys > Add Key > Create a new Key. Select JSON as the key type and click Create. A message saying "Private key saved to your computer" is displayed, and the JSON file is downloaded to your computer.
  10. Upload the configuration (JSON) file to complete GCP connector creation in Qualys Cloud Platform.

If you want to use the same service account to set up connectors for additional projects, you can assign the service account as a member in IAM at the organization level or at the project level.

The steps for each option are given below.

Assign Service Account in IAM at project level

(1) Log in to the Google Cloud Platform (GCP) console.

(2) From the left navigation bar, select IAM & admin.

(3) Select the project from the drop-down menu in the top-left corner.

(4) In the IAM menu bar, click +ADD.

(5) In the New Members box, type the name of the service account and click the suggested value.

(6) In the Select a role drop-down box, select the appropriate role. Choose the Viewer role and the Security Reviewer role to assign at least reader permissions to the service account.

(7) Click Save.

(8) To add additional projects, repeat steps 3 through 7.

Assign Service Account in IAM at organization level

(1) Log in to the Google Cloud Platform (GCP) console.

(2) In the left navigation bar, select IAM & admin.

(3) Select your organization from the drop-down menu in the top-left corner.

(4) In the IAM menu bar, click +ADD.

(5) In the New Members box, type the name of the service account and click the suggested value.

(6) In the Select a role drop-down box, select the appropriate role. Choose the Viewer role and the Security Reviewer role to assign at least reader permissions to the service account.

(7) Click Save.
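
After the roles are assigned, you can check that the service account holds the read-only roles listed on this page and nothing broader. The following Python script is an added example, not Qualys or Google code: it validates the downloaded JSON key file and audits an IAM policy exported with `gcloud projects get-iam-policy PROJECT_ID --format=json` (or `gcloud organizations get-iam-policy ORG_ID --format=json`). The mapping of the page's role names to role IDs is an assumption of this example, and the key and policy shown are constructed sample data.

```python
import json

# Role IDs assumed to correspond to the role names listed on this page.
ORG_ROLES = {
    "roles/resourcemanager.organizationViewer",
    "roles/resourcemanager.folderViewer",
    "roles/iam.securityReviewer",
}
PROJECT_ROLES = {"roles/viewer", "roles/iam.securityReviewer"}
KEY_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")


def check_key_file(key_json):
    """Return the service account e-mail if the text is a well-formed JSON key."""
    key = json.loads(key_json)
    missing = [f for f in KEY_FIELDS if not key.get(f)]
    if missing:
        raise ValueError(f"key file is missing fields: {missing}")
    if key["type"] != "service_account":
        raise ValueError(f"unexpected credential type: {key['type']}")
    return key["client_email"]


def audit_policy(policy_json, sa_email, expected_roles):
    """Compare the roles bound to the service account with the expected set."""
    member = f"serviceAccount:{sa_email}"
    policy = json.loads(policy_json)
    held = {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}
    return {"missing": sorted(expected_roles - held),
            "excess": sorted(held - expected_roles)}


# Constructed sample data: not a real key or a real policy.
SA = "connector@example-project.iam.gserviceaccount.com"
SAMPLE_KEY = json.dumps({
    "type": "service_account", "project_id": "example-project",
    "private_key_id": "0000", "private_key": "PLACEHOLDER-NOT-A-KEY",
    "client_email": SA,
})
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/viewer", "members": [f"serviceAccount:{SA}"]},
    {"role": "roles/editor", "members": ["user:admin@example.com", f"serviceAccount:{SA}"]},
]})

if __name__ == "__main__":
    email = check_key_file(SAMPLE_KEY)
    print(audit_policy(SAMPLE_POLICY, email, PROJECT_ROLES))
```

A non-empty "excess" list means the service account has more than the reader permissions this procedure calls for; a non-empty "missing" list means a role from the procedure was not saved.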