Skip to main content

Getting Credentials for Cross4Security

To integrate the Google Cloud Provider (GCP) provider to use the Cross4Security service you are required to perform some operations in GCP. The images attached below will guide you. Please follow the instructions below.


1. Project Creation

If you do not have any GCP project, please create a one firstly. Otherwise, you can skip this section.

  1. Go to GCP Console and log in to your account.

  2. Click the Select Project button top of the page.

Show the instruction with images

GCP Step 2

  1. Click on the New Project button located in the upper-right corner of the opened section.
Show the instruction with images

GCP Step 3

  1. On the next page, you can define the desired Project name for the project.

  2. Finally, click the Create button.

Show the instruction with images

GCP Step 4-5


2. Enabling APIs

This section, ensures that the necessary APIs are enabled in your GCP account. Check whether these APIs are active in your account.

  • Lists of APIs that need to be enabled:
    • BigQuery API
    • Cloud Asset API
    • Cloud DNS API
    • Cloud Resource Manager API
    • Cloud SQL Admin API
    • Kubernetes Engine API
    • Cloud Key Management Service (KMS) API
    • API Keys API
    • Cloud Dataproc API
    • Access Approval API
    • Cloud Logging API

If the APIs are not active, you can enable them by following the steps below.

  1. Go to GCP Console and log in to your account.

  2. Navigate to the project you will use in our platform. Open the Navigation Menu by clicking on the icon in the top left corner of the page. Hover over APIs and Services in the navigation menu that appears and click on the Library section.

Show the instruction with images

GCP Step 2

  1. Repeat the steps below for all APIs listed in the Enabled APIs List mentioned above.

    1. Type one of the API names mentioned above into the search bar.
    Show the instruction with images

    GCP Step 3

    1. Locate the relevant API on the opened page and click on it.
    Show the instruction with images

    GCP Step 3

    1. After reaching the API's page, click on the Enable button to activate the required API.
    Show the instruction with images

    GCP Step 3

warning

Compute Engine API and Certificate Manager API requires a project with a billing account and for that configuration you must be an administrator of any billing accounts. You can create a new billing account or contact with your administrator to enable billing for you.

  1. To check if the necessary APIs are enable in our project, click on the APIs & Services section in the navigation menu.
Show the instruction with images

GCP Step 4

  1. On the opened page, scroll down to see the list of enabled APIs.
Show the instruction with images

GCP Step 5

After ensuring that the required APIs are enabled in our project, you can proceed with the next steps.


3. C4C Custom Role Creation

  1. Go to GCP Console and log in to your account.

Firstly, we need to create a role with the necessary permissions for our product to have the required authorizations.

You can do this in one of two ways: Manual, gcloud CLI and Full Access.

The Manual method provides you with the entire permission list, and you need to add them one by one from the list.

The gcloud CLI method offers a code block and a file containing all the required permissions. Running this code block in gcluoud CLI automatically creates a role.

You can proceed by selecting your preference.

If you wish to proceed with this method, please follow the steps below.

  1. Click the MENU icon on the very left side.

  2. Click on Iam & Admin section, and select Roles from the opened menu.

Show the instruction with images

GCP Step 2-3

  1. Then click CREATE ROLE button on the top.
Show the instruction with images

GCP Step 4

  1. Enter your Title, then Click ADD PERMISSIONS button on the bottom.
Show the instruction with images

GCP Step 5

  1. After ensuring that the following items are selected from the opened permissions list, click the Add button.

    Show the required permission names.
    • compute.regions.list
    • iam.roles.get
    • pubsub.subscriptions.getIamPolicy
    • pubsub.topics.getIamPolicy
    • resourcemanager.projects.getIamPolicy
    • storage.buckets.getIamPolicy
Show the instruction with images

GCP Step 6

  1. After confirming that all the permissions in the table have been added, click the Create button located at the bottom of the page.

    warning

    Please be sure, all required permission are selected.

Show the instruction with images

GCP Step 7

After these steps, you should have successfully created the role with the necessary permissions.


4. Service Account Creation

We have created a role with the necessary permissions; now, we need to create an account to which we will assign this role.

  1. Go to GCP Console and log in to your account.
  2. Go to Service accounts from the left menu, under IAM & Admin.
Show the instruction with images

GCP Step 2

  1. Click CREATE SERVICE ACCOUNT button on the top.
Show the instruction with images

GCP Step 3

  1. Enter your Service account name, and it will generate a service account ID. After that click CREATE AND CONTINUE.
Show the instruction with images

GCP Step 4

optional

You can enter a description under Service account description to better identify the created account.

  1. In the second opened stage, click on Select a role and proceed according to the method you chose when creating the role:
warning
  1. If you chose to continue with Manuel method for creating the role, you should choose the role you created with the title you assign it under the Custom section.
  2. After selected the custom role click + Add Another Role button and select Viewer role under Basic section.
Show the instruction with images

GCP Step 5

  1. After selecting the relevant roles, click on the CONTINUE button.
Show the instruction with images

GCP Step 6

  1. Lastly, click DONE.

    tip

    After clicking the Done button, you should find yourself back in the Service Accounts page. However, if you are not, click on the Service Accounts section again from the menu on the left.

Show the instruction with images

GCP Step 7

Check from the list whether your service account has been created or not.


4. Obtaining Key

In this section, we will create the key file that we need in our platform.

  1. Locate the user we created on the Service Accounts page. Navigate to the Actions tab for the respective user, and click on the Three dots(...) button and select Manage keys.

  2. Click on the ADD KEY button on the opened page, and select Create new key.

Show the instruction with images

GCP Step 1

  1. When creating credentials, please note that our system currently only accepts credentials in JSON format, so make sure to select the JSON key type. After that, click CREATE, and the generated key will be downloaded to your computer.
Show the instruction with images

GCP Step 3

Do not forget to check your downloads. Make sure you keep the downloaded credential file in a reachable field.


Critical Step

Please do not forget the setup your Cost Information Configuration and Usage Cost Configurations.