You can automatically add your Google Cloud account to the Carbon Black Cloud console by using the Add Public Cloud Account wizard. This Carbon Black Cloud wizard provides two scripts to run in the Google Cloud console. The first script outputs details for the Connect Account page of the wizard so that you can skip the manual creation of the service account and workload identity federation; the second script enables the event stream mechanism.

Prerequisites

  • Verify that you have the Owner role on the project you want to onboard. For information, see Set Up Your Google Cloud Environment.
  • Verify that you have the project name and project ID available.

Procedure

  1. On the left navigation pane, go to Settings > Public Cloud Accounts.
  2. On the Public Cloud Accounts page, click Add Account.
    The Add Public Cloud Account window displays.
  3. Under Cloud Provider, select GCP. Under Method, select Single account. Click Next.
  4. Enter the GCP project details and click Next.
  5. On the Connect Account page, locate the script on the right and copy its content.
  6. Go to the Google Cloud console and open the Google Cloud Shell.
  7. Run the command you copied from the Carbon Black Cloud wizard:
    curl https://dev.cwp.cbdtest.io/public-cloud/dev01/gcp/pre-onboarding-setup/shell/setup-cbc-pre-account-onboarding.sh -o setup-cbc-pre-account-onboarding.sh && bash setup-cbc-pre-account-onboarding.sh --GCPProjectId <Project_ID> --CBAwsAccountId <AWS_Account_ID> --CBAwsRoleName <Service_Role>
    The script takes the following parameters:
      ScriptURL: The onboarding environment. For example, https://dev.cwp.cbdtest.io/public-cloud/dev01/gcp/pre-onboarding-setup/shell/setup-cbc-pre-account-onboarding.sh
      GCPProjectId: The Google Cloud project ID. For example, carbonblack-public-cloud-poc
      CBAwsAccountId: The AWS account where the Carbon Black Cloud Public Cloud services are running.
      CBAwsRoleName: The IAM identity in the AWS account with specific permissions.
    After the script successfully executes, the Google Cloud console outputs the details for connecting to the service account.
  8. Enter the listed values in the Connect Account details page of the Carbon Black Cloud console and click Next.
  9. To enable the event stream mechanism, copy the script and run it in the Google Cloud Shell.
    curl https://dev.cwp.cbdtest.io/public-cloud/dev01/gcp/event-stream-setup/shell/setup-cbc-event-stream.sh -o setup-cbc-event-stream.sh && bash setup-cbc-event-stream.sh --CBInventoryApiHost <APIHost> --CBInventoryOrgKey <Org_Key> --CBInventoryApiKey <API_Secret_Key>/<API_ID> --CloudFuncRegion <region> --GCPProjectId <Project_ID>
    The script takes the following parameters:
      ScriptURL: The onboarding environment. For example, https://dev.cwp.cbdtest.io/public-cloud/dev01/gcp/event-stream-setup/shell/setup-cbc-event-stream.sh
      CBInventoryApiHost: The host for the Carbon Black Public Cloud service. For example, defense-dev01.cbdtest.io.
      CBInventoryOrgKey: The org key. Locate it in the Carbon Black Cloud console by navigating to the Settings > API Access > API Keys tab. For example, 8X5TJVYWQ.
      CBInventoryApiKey: The API key, in the form <API_Secret_Key>/<API_ID>. It is stored in the secret manager and is passed when the push notification is sent to Carbon Black Cloud.
      CloudFuncRegion: The region ID for the Google Cloud Function.
      GCPProjectId: The Google Cloud project ID. For example, carbonblack-public-cloud-poc.
  10. To onboard your Google Cloud account, select Add Account.
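As an added example (not part of the Carbon Black Cloud wizard or its scripts), the following POSIX shell helper stages the wizard's script for review instead of running a fresh download directly, and checks the parameter values for the shapes steps 7 and 9 expect before the command is run; the helper names, the script URL argument and the output file name are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Carbon Black Cloud wizard or its scripts.
# Stages the wizard's script for review and validates the parameter values
# (project ID, AWS account ID, API key form) before any command is built.
set -eu
LC_ALL=C; export LC_ALL   # keep [a-z] and [0-9] ranges ASCII-only

# Google Cloud project ID: 6-30 chars of a-z, 0-9 and '-', starting with a
# letter and not ending in '-'.
valid_gcp_project_id() {
  [ "${#1}" -ge 6 ] && [ "${#1}" -le 30 ] || return 1
  case "$1" in [a-z]*) ;; *) return 1 ;; esac
  case "$1" in *[!a-z0-9-]*|*-) return 1 ;; esac
  return 0
}

# AWS account ID: exactly twelve digits.
valid_aws_account_id() {
  [ "${#1}" -eq 12 ] || return 1
  case "$1" in *[!0-9]*) return 1 ;; esac
  return 0
}

# API key as the event stream script expects it (step 9): exactly one '/'
# separating a non-empty API secret key from a non-empty API ID.
valid_cbc_api_key() {
  case "$1" in
    */*/*|/*|*/) return 1 ;;
    */*) return 0 ;;
    *) return 1 ;;
  esac
}

# Download the wizard's script to a file and print its SHA-256 so the operator
# can read it and record what was run before handing it to bash.
stage_script() {
  curl -fsSL "$1" -o "$2"
  sha256sum "$2"
}

# Print the step 7 command only if every value passes its check; a malformed
# value is reported on stderr and nothing is printed.
pre_onboarding_command() {
  valid_gcp_project_id "$1" || { echo "bad GCP project ID: $1" >&2; return 2; }
  valid_aws_account_id "$2" || { echo "bad AWS account ID: $2" >&2; return 2; }
  [ -n "$3" ] || { echo "empty AWS role name" >&2; return 2; }
  printf 'bash setup-cbc-pre-account-onboarding.sh --GCPProjectId %s --CBAwsAccountId %s --CBAwsRoleName %s\n' "$1" "$2" "$3"
}
```

Typical use is `stage_script <ScriptURL> setup-cbc-pre-account-onboarding.sh`, a read through the file, and then `eval "$(pre_onboarding_command <Project_ID> <AWS_Account_ID> <Service_Role>)"`.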

Results

After your Google Cloud project onboards, you can view it in the list of public cloud accounts under Settings > Public Cloud Accounts. If, during onboarding, you select Add Account without running the event stream mechanism script, the project appears in the list of accounts with the status Event stream not enabled.