Connect a Google Cloud project with Terraform

Overview

This article provides a step-by-step guide to establishing a connection between your Google Cloud Project and Upwind.

By establishing this connection, you enable Upwind to detect Kubernetes clusters and cloud resources within your project, integrate it with the Upwind platform, and gain access to Google Cloud APIs. This access enables the collection of contextual information, which enriches the threat detections and vulnerability findings for your environment.

To facilitate this process, we will utilize Terraform, an infrastructure-as-code tool. Through Terraform, we will create the resources and configurations necessary to establish the connection between Google Cloud and Upwind.

Prerequisites

Before proceeding, ensure that you have the following prerequisites in place:

  1. Google Cloud Project: You should have a Google Cloud project and administrative privileges in it to create and manage resources, such as service accounts and IAM role bindings.

  2. APIs & Services: Verify the following APIs are enabled. For more information on how to do this, refer to the guide Enable and Disable APIs.

    Title                                 Name
    Cloud Asset API                       cloudasset.googleapis.com
    Cloud Resource Manager API            cloudresourcemanager.googleapis.com
    Compute Engine API                    compute.googleapis.com
    Identity and Access Management API    iam.googleapis.com
    Kubernetes Engine API                 container.googleapis.com
  3. Terraform Installation: Ensure Terraform is installed on your local machine. You can download the latest version of Terraform from the official website. Follow the installation instructions specific to your operating system.

Setup

Follow these steps to establish the connection using Terraform:

Note: If you already possess a pre-existing account-type credential, you may reuse it and proceed directly to step 2.

  1. Create Terraform Configuration: Log in to the Upwind console. Select Google Cloud, and click on Generate cloud account credentials to obtain the values for the upwind_client_id and upwind_client_secret variables.

    Next, create a new directory for your Terraform project and navigate to it in your terminal. Inside the project directory, create a new file named main.tf to hold the Terraform configuration. Copy or download the code snippet from the Upwind console and paste it into main.tf.

    module "upwind_integration_gcp_project" {
      source = "https://terraform.upwind.io/modules/integrations/gcp-project-0.4.0.tar.gz"

      upwind_client_id       = ""
      upwind_client_secret   = ""
      upwind_organization_id = ""
    }
  2. Initialize Terraform: Run the following command to initialize Terraform within the project directory:

    terraform init
  3. Apply Terraform Configuration: Run the following command to apply the Terraform configuration and create the necessary resources:

    terraform apply

    Review the changes that Terraform plans to make and enter yes when prompted to confirm the changes. Terraform will connect your Google Cloud project and Upwind based on the provided configuration.

  4. Return to the Upwind console: Once the terraform apply command has been successfully executed, the connection should be established within a few moments. A success message will appear in the console to indicate the successful account connection.
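
The snippet in step 1 places upwind_client_secret as a literal in main.tf, where it is easy to commit to version control. The following is an added example, not Upwind's own configuration: the same module call with the three values supplied as Terraform input variables. It assumes the module accepts variable references for these inputs; the variable names simply mirror the module's input names.

```hcl
# Added example: same module call as in step 1, with the credentials
# supplied as input variables instead of literals in main.tf.

variable "upwind_client_id" {
  type        = string
  description = "Client ID generated in the Upwind console"
}

variable "upwind_client_secret" {
  type        = string
  description = "Client secret generated in the Upwind console"
  sensitive   = true # redacted in terraform plan/apply output
}

variable "upwind_organization_id" {
  type        = string
  description = "Upwind organization ID"
}

module "upwind_integration_gcp_project" {
  source = "https://terraform.upwind.io/modules/integrations/gcp-project-0.4.0.tar.gz"

  upwind_client_id       = var.upwind_client_id
  upwind_client_secret   = var.upwind_client_secret
  upwind_organization_id = var.upwind_organization_id
}
```

Supply the values through TF_VAR_upwind_client_id, TF_VAR_upwind_client_secret and TF_VAR_upwind_organization_id environment variables, or through a .tfvars file that is excluded from version control. Sensitive variables are still written in plaintext to the Terraform state, so restrict access to the state file or backend.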

Troubleshooting

If you encounter any issues during the process of establishing a connection between your Google Cloud project and Upwind using Terraform, consider the following troubleshooting steps:

  1. Google Cloud Project ID: Verify that the Google Cloud project ID specified in the Terraform configuration (project) matches the ID of the desired Google Cloud project.

  2. Client Credentials: Verify that the client credentials for Upwind (upwind_client_id and upwind_client_secret) are accurate. Make sure there are no typos or incorrect values.

  3. Authentication Errors: Verify that the google provider is configured correctly in your Terraform configuration by checking the project ID and credentials.

  4. Insufficient Permissions: Verify that the google provider is configured with credentials from a user or service account that has the required permissions.

  5. Terraform Version Compatibility: Verify that your Terraform version is compatible with the required version. Refer to the provider documentation or release notes for compatibility details. Consider updating Terraform to the latest stable version.

  6. Error Messages and Logs: Pay attention to any error messages or logs displayed during the terraform apply command. They can provide valuable insights into the specific issue you are facing. Look for any specific error codes or descriptions that can guide your troubleshooting process.

If you are still unable to resolve the issue after following these troubleshooting steps, please initiate a chat with us in the Upwind console at https://console.upwind.io. The chat support is available 24/7.

Next Steps

After establishing a connection to your Google Cloud Project(s), Upwind will populate an inventory of all compute resources and show which resources are Unprotected.

To connect a Kubernetes cluster with Upwind, follow the instructions provided in the console: Connect a Kubernetes cluster.

To connect a Linux host with Upwind, follow the instructions provided in the console: Connect a host.