Discover GCP Accounts
Tenable Cloud Security can automatically discover your GCP projects. If you want to onboard all projects in a GCP organization, provide the role details of the organization administrator so that Tenable Cloud Security can automatically discover the projects in the organization. After Tenable Cloud Security discovers the GCP projects in that organization, you must configure them by providing the credentials before you can run a cloud scan for detecting misconfigurations in the cloud account. To onboard GCP projects, perform the following tasks:
To discover GCP cloud accounts:
Before you begin:
- Create a service account for Tenable Cloud Security in Google Cloud and then provide read-only access for this service account to your Google Cloud project. For more information, see Create a GCP Service Account and Activate the GCP Service Account.
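A pre-upload check for the prerequisite above, as an added example that is not part of the Tenable documentation: it validates the structure of the service account key file and lists any roles beyond read-only that the project IAM policy (as exported by `gcloud projects get-iam-policy PROJECT_ID --format=json`) binds to that account. The read-only role set, the account name and the sample inputs are assumptions constructed for illustration.

```python
import json

# Fields a downloaded GCP service account key file carries.
REQUIRED_KEY_FIELDS = {"type", "project_id", "private_key_id", "private_key", "client_email"}
# Assumption: roles accepted as read-only here; adjust to the roles your setup grants.
READ_ONLY_ROLES = {"roles/viewer", "roles/browser", "roles/iam.securityReviewer"}

# Constructed sample inputs (not real credentials or a real project).
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "constructed-key-id",
    "private_key": "CONSTRUCTED-PLACEHOLDER",
    "client_email": "scanner@example-project.iam.gserviceaccount.com",
})
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/viewer",
     "members": ["serviceAccount:scanner@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:scanner@example-project.iam.gserviceaccount.com",
                 "user:admin@example.com"]},
]})


def check_key_file(key_json: str) -> str:
    """Validate the key file structure and return the service account e-mail."""
    key = json.loads(key_json)
    missing = REQUIRED_KEY_FIELDS - key.keys()
    if missing:
        raise ValueError(f"key file is missing fields: {sorted(missing)}")
    if key["type"] != "service_account":
        raise ValueError(f"expected type 'service_account', got {key['type']!r}")
    return key["client_email"]


def excess_roles(policy_json: str, client_email: str) -> list[str]:
    """Return roles bound to the service account that are not in READ_ONLY_ROLES."""
    member = f"serviceAccount:{client_email}"
    policy = json.loads(policy_json)
    return sorted(
        b["role"] for b in policy.get("bindings", [])
        if member in b.get("members", []) and b["role"] not in READ_ONLY_ROLES
    )


if __name__ == "__main__":
    email = check_key_file(SAMPLE_KEY)
    print(email, "roles beyond read-only:", excess_roles(SAMPLE_POLICY, email))
```

The check covers only bindings in the project-level policy; roles inherited from a folder or the organization do not appear in that export and need to be reviewed at those levels.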
- Click Projects and Connections.
- Click Cloud Accounts.
  The Cloud Accounts page appears listing all onboarded cloud accounts.
- Click Discover accounts > GCP.
  The Configure GCP Service Account(s) window appears.
- Onboard one or more GCP service accounts.
  - In the Project type section, select one of the following:
    - Single for onboarding a single GCP project.
    - Multiple for onboarding all projects in a GCP organization.
  - Click Upload to upload the service account credential file in the JSON format.
  - (Optional) Click to add more accounts.
- Click Discover.
  For multiple accounts, Tenable Cloud Security discovers and shows all projects under the GCP organization account with the status as Discovered. The GCP organization account appears with the icon next to it.
  For the multiple project type, Tenable Cloud Security schedules discovery every 24 hours and automatically discovers any new project in the GCP organization. All accounts discovered in the last 7 days show the label until they are configured or ignored.
Configure discovered GCP accounts
Configure the discovered GCP projects before you can run a cloud scan to assess the resources in the project for misconfigurations. To configure a GCP project, upload the credentials file and assign it to a project in Tenable Cloud Security.
- In the row of the service account you want to configure, click > Configure.
  The Configure GCP Account window appears.
- Click Upload to upload the service account credential file in the JSON format.
- Click Next.
- In the Assign a Project or Create a New Project section, do one of the following:
  - Select a project from the list of GCP projects.
    You can search for a project in the Search projects box.
  - Click New Project to create a new GCP project.
    - Enter a Project name for your new project.
    - Select GCP for the provider.
    - Click Create New Project.
      Tenable Cloud Security creates the new project and automatically selects it for onboarding the GCP project.
- Click Save.
  The Cloud Accounts page appears and shows the project assigned to the GCP project.
- Repeat these steps for all the discovered accounts you want to configure.
What to do next:
- Go to the Projects tab and run a cloud scan for the project. For more information, see Run a Cloud Scan.