Complete the following configurations before connecting your Google Cloud account to discover and protect resources.
Create a service account and custom role
- Create a service account in your Google Cloud project.
- Create a custom role with the required permissions.
Assign permissions to custom role
Assign the following permissions to the custom role. Then, assign the custom role to the service account used to discover resources in your Google Cloud environment.
- alloydb.backups.list
- alloydb.clusters.get
- alloydb.clusters.list
- alloydb.instances.get
- alloydb.instances.list
- backupdr.backupVaults.get
- backupdr.backupVaults.list
- backupdr.bvbackups.get
- backupdr.bvbackups.list
- backupdr.bvdataSources.get
- backupdr.bvdataSources.list
- bigquery.datasets.get
- bigquery.tables.get
- bigquery.tables.list
- cloudsql.backupRuns.get
- cloudsql.backupRuns.list
- cloudsql.databases.get
- cloudsql.databases.list
- cloudsql.instances.get
- cloudsql.instances.list
- spanner.backups.list
- spanner.databases.get
- spanner.databases.list
- spanner.instances.get
- spanner.instances.list
- storage.buckets.get
- storage.buckets.list
- storage.objects.list
- compute.instances.get
- compute.instances.list
- compute.projects.get
- compute.regions.list
- compute.snapshots.list
- compute.zones.list
- resourcemanager.projects.get
- resourcemanager.projects.list
The following permission applies to AlloyDB and Cloud Spanner workloads:
- monitoring.timeSeries.list
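An added example, not part of the original documentation: a Python check that compares a custom role's `includedPermissions` (the field in the JSON printed by `gcloud iam roles describe --format=json`) with the list above and reports what is missing and what is granted beyond it. The function name, its parameter and the sample role are constructed for illustration.

```python
import json

# Permissions the page lists for the discovery custom role.
REQUIRED = set("""
alloydb.backups.list alloydb.clusters.get alloydb.clusters.list
alloydb.instances.get alloydb.instances.list
backupdr.backupVaults.get backupdr.backupVaults.list
backupdr.bvbackups.get backupdr.bvbackups.list
backupdr.bvdataSources.get backupdr.bvdataSources.list
bigquery.datasets.get bigquery.tables.get bigquery.tables.list
cloudsql.backupRuns.get cloudsql.backupRuns.list cloudsql.databases.get
cloudsql.databases.list cloudsql.instances.get cloudsql.instances.list
spanner.backups.list spanner.databases.get spanner.databases.list
spanner.instances.get spanner.instances.list storage.buckets.get
storage.buckets.list storage.objects.list compute.instances.get
compute.instances.list compute.projects.get compute.regions.list
compute.snapshots.list compute.zones.list
resourcemanager.projects.get resourcemanager.projects.list
""".split())
# Listed on the page for AlloyDB and Cloud Spanner workloads only.
MONITORING = {"monitoring.timeSeries.list"}


def audit_role(role_json, alloydb_or_spanner=True):
    """Compare a role's includedPermissions with the page's list."""
    granted = set(json.loads(role_json).get("includedPermissions", []))
    wanted = REQUIRED | (MONITORING if alloydb_or_spanner else set())
    extra = granted - wanted
    return {
        "missing": sorted(wanted - granted),  # on the page, absent from role
        "extra": sorted(extra),               # in the role, not on the page
        # Every permission on the page ends in .get or .list, so an extra
        # with any other verb goes beyond get/list access.
        "not_read_only": sorted(p for p in extra
                                if p.rsplit(".", 1)[-1] not in ("get", "list")),
    }


# Constructed sample: the page's list minus one permission, plus two extras.
SAMPLE_ROLE = json.dumps({
    "title": "discovery-role (constructed)",
    "includedPermissions": sorted(
        (REQUIRED | MONITORING) - {"compute.snapshots.list"}
    ) + ["storage.objects.delete", "storage.objects.get"],
})

if __name__ == "__main__":
    for key, perms in audit_role(SAMPLE_ROLE).items():
        print(f"{key}: {perms}")
```

Run it against the exported role before assigning the role to the service account, and again after any later edit to the role, so drift from the documented list is caught.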
Enable Google Cloud APIs and services
The following APIs and services must be enabled to discover resources in your Google Cloud environment.
| API | Service |
|---|---|
| AlloyDB API | alloydb.googleapis.com |
| Backup and DR Service API | backupdr.googleapis.com |
| BigQuery API | bigquery.googleapis.com |
| Cloud Monitoring API | monitoring.googleapis.com |
| Cloud Resource Manager API | cloudresourcemanager.googleapis.com |
| Cloud Spanner API | spanner.googleapis.com |
| Cloud SQL Admin API | sqladmin.googleapis.com |
| Cloud Storage API | storage.googleapis.com |
| Compute Engine API | compute.googleapis.com |
| Service Usage API | serviceusage.googleapis.com |