GCP
In the SaaS deployment model, the Accuknox CNAPP is hosted in our cloud environment, and scans are performed using read-only access to your cloud account.
Note: Make sure the following APIs are enabled in your GCP account before onboarding into Accuknox SaaS:
- Compute Engine API
- Identity and Access Management (IAM) API
- Cloud Resource Manager API
- Cloud Functions API
- KMS API
- Kubernetes API
- Cloud SQL Admin API
Onboarding a GCP account requires access through an IAM service account.
Step 1: Log in to your Google Cloud console, navigate to IAM & Admin, choose “Roles”, and click “Create Role”.
Step 2: Name the role and click “Add Permission”.
Step 3: Filter by Service: storage, then select the value “storage.buckets.getIamPolicy”.
Step 4: Choose the permission and click “Add”, then click “Create” on the same page.
Step 5: In the navigation panel, navigate to IAM & Admin > Service Accounts.
Step 6: Click “Create Service Account”.
Step 7: Enter any name you want in the Service Account Name field.
Step 8: Click “Continue”.
Step 9: Select the role Project > Viewer and click “Add Another Role”.
Step 10: After clicking “Add Another Role”, choose “Custom” and select the custom role you created.
Step 11: Click “Continue” and then “Done”.
Step 12: Go to the created service account, click on it, and navigate to the “Keys” section.
Step 13: Click the “Add key” button and choose “Create new key”. The key type should be JSON.
Step 14: Click the “Create” button. The JSON key is downloaded automatically.
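
The following check is an added example, not Accuknox code: it confirms that the service account created above holds exactly the Project > Viewer role plus the custom role, and that the custom role contains only storage.buckets.getIamPolicy. The project, account and role names are hypothetical, and the sample data is constructed in the shape of the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` and `gcloud iam roles describe ROLE_ID --project=PROJECT_ID --format=json`.

```python
# Added example: verify the onboarding service account holds only the access
# the steps above grant. All names and data below are constructed samples.
EXPECTED_PERMISSIONS = {"storage.buckets.getIamPolicy"}  # Step 3
BASE_ROLE = "roles/viewer"                               # Step 9 (Project > Viewer)

def roles_for(policy, member):
    """Roles bound to `member` in a project IAM policy (get-iam-policy JSON)."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}

def audit(policy, custom_role, member):
    """Return findings; an empty list means the account matches the steps."""
    findings = []
    expected = {BASE_ROLE, custom_role["name"]}
    granted = roles_for(policy, member)
    findings += [f"missing role: {r}" for r in sorted(expected - granted)]
    findings += [f"unexpected role: {r}" for r in sorted(granted - expected)]
    perms = set(custom_role.get("includedPermissions", []))
    findings += [f"custom role lacks: {p}" for p in sorted(EXPECTED_PERMISSIONS - perms)]
    findings += [f"custom role has extra: {p}" for p in sorted(perms - EXPECTED_PERMISSIONS)]
    return findings

# Constructed sample inputs (hypothetical project, account and role names).
MEMBER = "serviceAccount:cnapp-scan@example-project.iam.gserviceaccount.com"
CUSTOM_ROLE = {"name": "projects/example-project/roles/bucketPolicyReader",
               "includedPermissions": ["storage.buckets.getIamPolicy"]}
GOOD_POLICY = {"bindings": [
    {"role": "roles/viewer", "members": [MEMBER, "user:admin@example.com"]},
    {"role": CUSTOM_ROLE["name"], "members": [MEMBER]},
]}
# Same policy after someone later adds a write-capable role to the account.
DRIFTED_POLICY = {"bindings": GOOD_POLICY["bindings"] + [
    {"role": "roles/editor", "members": [MEMBER]},
]}

if __name__ == "__main__":
    for label, policy in (("good", GOOD_POLICY), ("drifted", DRIFTED_POLICY)):
        print(label, audit(policy, CUSTOM_ROLE, MEMBER) or "OK")
```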