Connect Google Cloud
Overview
This article is a step-by-step guide to connecting your Google Cloud project/s to the Upwind platform.
Establishing this connection enables Upwind to detect Kubernetes clusters and cloud resources within your project, integrate them with the Upwind platform, and access Google Cloud APIs. This access enables the collection of contextual information, which enriches Detections and Findings of security threats in your environment.
The setup uses the Google Cloud Console to create the resources and configurations needed for the connection between Google Cloud and the Upwind platform.
Prerequisites
Before proceeding, ensure that you have the following prerequisites in place:
- Google Cloud Project: You should have a Google Cloud project in which you hold administrative privileges to create and manage resources, such as service accounts and IAM role bindings.
- APIs & Services: Verify the following APIs are enabled. For more information on how to do this, refer to the guide Enable and Disable APIs.

| Title | Name |
| --- | --- |
| Cloud Asset API | cloudasset.googleapis.com |
| Cloud Resource Manager API | cloudresourcemanager.googleapis.com |
| Compute Engine API | compute.googleapis.com |
| Identity and Access Management API | iam.googleapis.com |
| Kubernetes Engine API | container.googleapis.com |
Setup
Project
- Log in to your desired Google Cloud Project
- Create a Service Account:
  - Navigate to IAM & Admin > Service Accounts and create a service account.
  - Name your service account
  - For the newly created Service Account, select the Viewer role to be assigned within the project.
- Service account key:
  - Create and download a new service account key.
  - Upload the service account key to the Upwind Management Console.

Organization
- Log in to your desired Google Cloud Project
- Create a Service Account:
  - Navigate to IAM & Admin > Service Accounts and create a service account.
  - Name your service account
  - Skip granting access to the project
- Create a service account key:
  - Create and download a new service account key.
- Grant access to the Google Organization:
  - Navigate to IAM & Admin > IAM
  - Select 'Grant Access' and enter the email of the service account as the principal.
  - Assign the Viewer role and save.
- Upload service key:
  - Upload the service account JSON file
- Project Selection:
  - Select the specific project/s or toggle All Projects
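A pre-flight check for the setup above, added here as an example (not Upwind's or Google's code): it reads the JSON printed by `gcloud services list --enabled --format=json` and `gcloud projects get-iam-policy PROJECT_ID --format=json`, then reports which of the five required APIs are missing and whether the service account holds the Viewer role and nothing more. The service account email, the sample JSON and the function names are constructed for illustration; the field layout (`config.name`, `bindings[].role`, `bindings[].members`) is assumed from gcloud's output.

```python
import json

# The five APIs listed in the prerequisites of this guide.
REQUIRED_APIS = {
    "cloudasset.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "compute.googleapis.com",
    "iam.googleapis.com",
    "container.googleapis.com",
}
EXPECTED_ROLE = "roles/viewer"  # role ID of the Viewer role the guide assigns


def missing_apis(services_json):
    """Required APIs absent from the enabled-services JSON."""
    enabled = {s["config"]["name"] for s in json.loads(services_json)}
    return sorted(REQUIRED_APIS - enabled)


def roles_for(policy_json, sa_email):
    """Roles bound to the service account in an IAM policy JSON dump."""
    member = f"serviceAccount:{sa_email}"
    bindings = json.loads(policy_json).get("bindings", [])
    return sorted(b["role"] for b in bindings if member in b.get("members", []))


def preflight(services_json, policy_json, sa_email):
    """Return a list of problems; empty means the setup matches the guide."""
    problems = [f"API not enabled: {a}" for a in missing_apis(services_json)]
    roles = roles_for(policy_json, sa_email)
    if EXPECTED_ROLE not in roles:
        problems.append(f"{sa_email} lacks {EXPECTED_ROLE}")
    # Anything beyond Viewer is more than this guide grants; flag it for review.
    problems += [f"role beyond this guide: {r}" for r in roles if r != EXPECTED_ROLE]
    return problems


# Constructed sample input: one API missing, one extra role on the account.
SA = "upwind-reader@example-project.iam.gserviceaccount.com"  # hypothetical
SAMPLE_SERVICES = json.dumps(
    [{"config": {"name": n}} for n in REQUIRED_APIS - {"cloudasset.googleapis.com"}])
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/viewer", "members": [f"serviceAccount:{SA}"]},
    {"role": "roles/editor", "members": [f"serviceAccount:{SA}", "user:a@example.com"]},
]})

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE_SERVICES, SAMPLE_POLICY, SA)))
```

For an organization connection, pass the output of `gcloud organizations get-iam-policy ORGANIZATION_ID --format=json` as the policy instead.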
Next Steps
After establishing a connection to your Google Cloud Project(s), Upwind will populate an inventory of all compute resources and show which resources are Unprotected.
To connect a Kubernetes cluster with Upwind, follow the instructions provided in the console: Connect a Kubernetes cluster.
To connect a Linux host with Upwind, follow the instructions provided in the console: Connect a host.