This topic describes how to onboard a Google Cloud project to your Dome9 account.
In the Dome9 console,navigate to Cloud Inventory and select Add GCP Cloud Account.
The Add Google Cloud Account Wizard will appear, directing you through the steps required to define Dome9 as an application.
Login to the Google Cloud management portal.
Navigate to APIs & Services, in the left navigation menu.
Enable APIs and Services.
- Enable the Compute Engine API (if it is not already enabled).
In APIs & Services, click Credentials in the left menu.
Select the Credentials tab.
Click Create Credentials.
Select Service account key.
In Service account drop down menu select New service account.
Enter Dome9-Connect in the Service account name field.
In the Role field, select Viewer (from the Project list) and Security Reviewer (from the IAM list).
Select JSON as the Key type.
Download and save JSON file with the key.
In the Dome9 console, add a name for the cloud account, then click UPLOAD PRIVATE KEY and upload the file you saved.
- Click FINISH. Dome9 will access your GCP account, using the Key you provided, and onboard details from the account to Dome9. This could take a few minutes, depending on the number of entities in your account.
Onboard a number of Google projects and folders to Dome9
You can onboard a number of projects in an account, in a bulk operation, using the GCP console and the Dome9 console.
- Log in to the Google Cloud management portal.
- Click APIs & Services of one specific project under the organization.
- Click Enable APIs & Services.
- Search for Compute Engine API and verify it is enabled.
Repeat steps 3 and 4 for all projects to be onboarded. The remaining steps, below, can be done for any one of the projects in the account.
- Search for Cloud Resource Manager API and enable it.
- Click APIs & Services under the navigation menu, then click on Credentials.
- Click the Credentials tab.
- Click 'Create Credentials'.
- Select 'Service account key'.
- Under 'Service account' drop down menu choose New service account.
- Under 'Service account name', name the service Dome9-Connect.
- Under Role, Select Project -> Viewer and IAM -> Security Reviewer.
- Make sure that key type is set to JSON.
- Click Create.
- Download and save the JSON file with the key.
- In the GCP console, navigate to IAM & admin, and then select Manage resources (at the bottom of the navigation pane, on the left).
- Select the projects and folders that you would like to add to Dome9.
- On the right, in the Add members field on the PERMISSIONS tab, enter the email address that was used to create the Dome9-Connect service account in steps 10-14 (available in Service accounts).
- In the Select a role dropdown, select Project -> Viewer and IAM -> Security Reviewer.
- Click Add.
- Download and unpack the Dome9 V2_API repository.
- Install latest version of NPM (8.x) in your environment.
- In the tools folder run the following commands:
node gcpOrgAdder.js -p ./<Json file> -i <Dome9 API ID> -s <Dome9 API secret>