This topic describes how to onboard a Google Cloud project to your Dome9 account.
In the Dome9 console, navigate to Protect and select Add Google Cloud Account.
The Add Google Cloud Account Wizard will appear, directing you through the steps required to define Dome9 as an application.
Log in to the Google Cloud management portal.
Navigate to APIs & Services in the left navigation menu.
Enable APIs and Services.
- Enable the Compute Engine API (if it is not already enabled).
In APIs & Services, click Credentials in the left menu.
Select the Credentials tab.
Click Create Credentials.
Select Service account key.
In the Service account drop-down menu, select New service account.
Enter Dome9-Connect in the Service account name field.
In the Role field, select Viewer (from the Project list) and Security Reviewer (from the IAM list).
Select JSON as the Key type.
Download and save the JSON file with the key.
In the Dome9 console, add a name for the cloud account, then click UPLOAD PRIVATE KEY and upload the file you saved.
- Click FINISH. Dome9 will access your GCP account, using the Key you provided, and onboard details from the account to Dome9. This could take a few minutes, depending on the number of entities in your account.
Onboard a number of Google projects and folders to Dome9
You can onboard a number of projects in a bulk operation, using the GCP console and the Dome9 console.
GCP mass onboarding instructions
- Log in to the Google Cloud management portal
- Click on APIs & Services of one specific project under the organization
- Click on Enable APIs & Services
- Search for Compute Engine API and verify it is enabled
Repeat steps 3, 4 on all accounts
- Search for Cloud Resource Manager API and enable it.
- Click on APIs & Services under the navigation menu, then click on Credentials
- Click on the Credentials tab
- Click on 'Create Credentials'
- Select 'Service account key'
- Under 'Service account' drop down menu choose New service account
- Under 'Service account name', name the service Dome9-Connect
- Under Role, Select Project -> Viewer and IAM -> Security Reviewer
- Make sure that key type is set to JSON
- Click on Create
- Download and save the JSON file with the key
- In the GCP console, navigate to IAM & admin, and then select Manage resources (at the bottom of the navigation pane, on the left)
- Select the projects and folders that you would like to add to Dome9
- On the right, in the Add members field on the PERMISSIONS tab, enter the email address that was used to create the Dome9-Connect service account in steps 10-14 (available in Service accounts).
- In the Select a role dropdown, select Project -> Viewer and IAM -> Security Reviewer
- Click Add.
- Download and unpack the Dome9 V2_API repository
- Install the latest version of NPM (8.x) in your environment
- In the tools folder run the following commands:
- npm install
- node gcpOrgAdder.js -p ./<Json file> -i <Dome9 API ID> -s <Dome9 API secret>
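Both procedures grant the Dome9-Connect service account exactly two roles, Viewer and Security Reviewer. The following added example (not part of the Dome9 tooling) checks a downloaded key file and a project IAM policy against that expectation; it assumes the policy was exported with `gcloud projects get-iam-policy --format=json`, and the function name, sample email and sample policies are constructed for illustration.

```javascript
// Added example (not Dome9 code): audit what the onboarding service account can do.
// key    = parsed service account key file (the JSON downloaded from GCP)
// policy = parsed output of `gcloud projects get-iam-policy <project> --format=json`
const EXPECTED_ROLES = ['roles/viewer', 'roles/iam.securityReviewer'];

function auditOnboardingAccount(key, policy) {
  const findings = [];
  if (key.type !== 'service_account') findings.push('key file is not a service account key');
  for (const field of ['client_email', 'private_key', 'project_id']) {
    if (!key[field]) findings.push(`key file is missing ${field}`);
  }
  const member = `serviceAccount:${key.client_email}`;
  // Collect every role bound directly to this service account.
  const granted = (policy.bindings || [])
    .filter((b) => (b.members || []).includes(member))
    .map((b) => b.role);
  for (const role of EXPECTED_ROLES) {
    if (!granted.includes(role)) findings.push(`missing role ${role}`);
  }
  for (const role of granted) {
    if (!EXPECTED_ROLES.includes(role)) findings.push(`excess role ${role}`);
  }
  return { member, granted, findings, ok: findings.length === 0 };
}

// Constructed sample data; names and values are placeholders.
const sampleKey = {
  type: 'service_account',
  project_id: 'example-project',
  client_email: 'dome9-connect@example-project.iam.gserviceaccount.com',
  private_key: 'constructed-placeholder-not-a-real-key',
};
const saMember = `serviceAccount:${sampleKey.client_email}`;
const samplePolicy = {
  bindings: [
    { role: 'roles/viewer', members: [saMember] },
    { role: 'roles/iam.securityReviewer', members: [saMember, 'user:alice@example.com'] },
    { role: 'roles/owner', members: ['user:alice@example.com'] },
  ],
};
const overPrivilegedPolicy = {
  bindings: [...samplePolicy.bindings, { role: 'roles/editor', members: [saMember] }],
};

console.log(auditOnboardingAccount(sampleKey, samplePolicy).findings);
console.log(auditOnboardingAccount(sampleKey, overPrivilegedPolicy).findings);
```

A project-level policy lists only direct bindings, so roles inherited from a folder or the organization need the same check run against those policies.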