After you create your Google Cloud project and set up the workload identity pool and event mechanism, you can onboard the service accounts that belong to a specific project.

Procedure

  1. On the left navigation pane, go to Settings > Public Cloud Accounts.
  2. On the Public Cloud Accounts page, click Add Account.
    The Add Public Cloud Account window displays.
  3. Select GCP under Cloud Provider and Single account under Method, then click Next.
  4. On the GCP Project Details page, enter the project name and ID.
    You can locate them by going to the Google Cloud console > Manage resources > Resources page.
  5. Select your environment and region, and enter your account information.
  6. To populate the Connect Account page, go to the Google Cloud console, and locate the following data.
    • The project number. Retrieve it from the IAM & Admin > Settings page.
    • The service account email. Retrieve it from the IAM & Admin > Service Accounts page.
    • The identity pool ID and provider ID. To retrieve them, select the pool from the IAM & Admin > Workload Identity Federation > Workload Identity Pools page and locate the ID field. Then, click the edit icon next to the provider display name and locate the AWS account ID text box.
    Data that goes into the Carbon Black Cloud wizard for onboarding the GCP project/account.
  7. To enable GCP services monitoring for all the onboarded Google Cloud accounts, run the following script in any shell that has the Google Cloud SDK installed.
    curl <scriptURL> -o setup-cbc-event-stream.sh && bash setup-cbc-event-stream.sh --CBInventoryApiHost <value> --CBInventoryOrgKey <value> --CBInventoryApiKey <API_Secret_Key_value>/<API_ID_value> --CloudFuncRegion <value> --GCPProjectId <value>
    For example,
    curl https://dev.cwp.cbdtest.io/public-cloud/dev01/gcp/event-stream-setup/shell/setup-cbc-event-stream.sh -o setup-cbc-event-stream.sh && bash setup-cbc-event-stream.sh --CBInventoryApiHost defense-dev01.cbdtest.io --CBInventoryOrgKey 8X5TJVYWQ --CBInventoryApiKey <API_Secret_Key>/<API_ID> --CloudFuncRegion europe-west3 --GCPProjectId carbonblack-public-cloud-poc
  8. To save the GCP project information and connect to the Google resources from the Carbon Black Cloud console, click Add Account.
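The command in step 7 downloads a script and executes it with the org key, the API key and the project details on its command line. The following POSIX shell wrapper is an added example, not part of this documentation or of the vendor's setup-cbc-event-stream.sh, and it makes no assumptions about that script's internals. It checks the downloaded file against a SHA-256 digest that the operator has recorded out of band (the digest value is a placeholder the operator supplies), validates the shape of the project ID, region and SECRET/ID key argument, and prints the exact command line from step 7 for review instead of running it. The function and variable names are this example's own.

```shell
#!/usr/bin/env sh
# Added example: pre-flight checks for the step 7 command. Not the vendor's code.
# The expected SHA-256 is an operator-supplied placeholder; nothing here is
# downloaded, so the wrapper can be tested offline on a local file.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE (sha256sum or shasum)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_script FILE EXPECTED_SHA256 -> returns 0 only when the digest matches
verify_script() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# GCP project IDs are 6-30 chars of lowercase letters, digits and hyphens,
# start with a letter and do not end with a hyphen
valid_project_id() {
    printf '%s' "$1" | grep -Eq '^[a-z][a-z0-9-]{4,28}[a-z0-9]$'
}

# Cloud Functions regions look like europe-west3 or us-central1
valid_region() {
    printf '%s' "$1" | grep -Eq '^[a-z]+-[a-z]+[0-9]+$'
}

# The --CBInventoryApiKey argument must be "<API_Secret_Key>/<API_ID>",
# both parts non-empty; a bare secret or a bare ID is rejected
valid_api_key() {
    printf '%s' "$1" | grep -Eq '^[^/[:space:]]+/[^/[:space:]]+$'
}

# build_command SCRIPT HOST ORG_KEY SECRET/ID REGION PROJECT_ID
# -> prints the step 7 command line, or returns 1 (printing nothing on stdout)
#    when an argument fails validation
build_command() {
    script="$1"; host="$2"; org="$3"; key="$4"; region="$5"; project="$6"
    valid_project_id "$project" || { echo "bad project id: $project" >&2; return 1; }
    valid_region "$region"      || { echo "bad region: $region" >&2; return 1; }
    valid_api_key "$key"        || { echo "API key must be SECRET/ID" >&2; return 1; }
    printf 'bash %s --CBInventoryApiHost %s --CBInventoryOrgKey %s --CBInventoryApiKey %s --CloudFuncRegion %s --GCPProjectId %s\n' \
        "$script" "$host" "$org" "$key" "$region" "$project"
}

# Usage: sh preflight.sh SCRIPT EXPECTED_SHA256 HOST ORG_KEY SECRET/ID REGION PROJECT_ID
# Refuses to print the command if the downloaded script does not match the digest.
if [ "$#" -eq 7 ]; then
    verify_script "$1" "$2" || { echo "checksum mismatch, refusing to run $1" >&2; exit 1; }
    build_command "$1" "$3" "$4" "$5" "$6" "$7"
fi
```

Run it after the `curl ... -o setup-cbc-event-stream.sh` step and before the `bash` step; the printed line is the command to execute once it has been reviewed. Because the API key travels on the command line, it is visible in shell history and in process listings on that host, so run the wrapper from a shell session whose history is not persisted, or remove the entry afterwards.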

Results

After the GCP project/account is onboarded to Carbon Black Cloud, it is connected to the console and appears in the list of public cloud accounts under Settings > Public Cloud Accounts.