Google Cloud Platform Scanner
Configure GCP cloud infrastructure scanning using Service Account credentials
Security Best Practice: Create a dedicated service account and bind it to a custom IAM role that grants only the read-only permissions the scanner needs, rather than a broad predefined role. Treat the downloaded JSON key as a long-lived credential: restrict who can read it, keep it out of source control, and rotate it if it may have been exposed.
Service Account Setup
Create a GCP service account with read-only permissions to scan your cloud infrastructure
Step 1: Create Custom IAM Role
Create a custom role with read-only permissions using the gcloud CLI or the GCP Console (Open GCP IAM Roles).

Step 2: Create Service Account
Create a service account and grant it the custom role using the gcloud CLI commands below.

Step 3: Generate and Download JSON Key
Create a JSON key file for the service account and upload it below. Restrict the key file's permissions, do not commit it to source control, and delete the local copy once it has been uploaded.

Step 4: Upload Service Account Key
Upload the JSON key file in the form below.
GCP Project ID: your GCP project ID to scan
Service Account Key: upload the JSON key file generated for your service account
Custom IAM Role Definition (Step 1)
Save this as 'ctem-scanner-role.yaml' and pass it to gcloud iam roles create --file to create the custom role
Service Account Creation Script (Step 2 & 3)
Run these gcloud CLI commands to create the service account and generate the key file
Required GCP IAM Permissions
The custom role should include these permissions for comprehensive infrastructure scanning
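The script below is an added example of steps 1 to 3, not the product's own role definition or setup script: it writes a custom-role YAML in the form gcloud iam roles create --file accepts, rejects any permission whose verb is not read-only before the role is created, and then emits the gcloud commands for the role, the service account, the project-level binding and the JSON key. The project ID, role ID, service account name and the four permissions are placeholders; replace PERMISSIONS with the list from the Required GCP IAM Permissions section. Commands are printed rather than executed unless APPLY=1 is set, so the result can be reviewed first.

```shell
#!/bin/sh
# Added example (not the product's own script): build a least-privilege custom role,
# sanity-check it, and emit the gcloud commands for steps 1-3. Project ID, role ID,
# service account name and the permission list are placeholders; replace PERMISSIONS
# with the scanner's documented "Required GCP IAM Permissions" list.
set -eu

PROJECT_ID="${PROJECT_ID:-my-gcp-project}"   # placeholder: project to scan
ROLE_ID="${ROLE_ID:-ctemScannerReadOnly}"     # placeholder custom role ID
SA_NAME="${SA_NAME:-ctem-scanner}"            # placeholder service account name
ROLE_FILE="${ROLE_FILE:-ctem-scanner-role.yaml}"
KEY_FILE="${KEY_FILE:-ctem-scanner-key.json}"

# Placeholder read-only permissions (space-separated); substitute the real list.
PERMISSIONS="${PERMISSIONS:-compute.instances.list compute.firewalls.list storage.buckets.list iam.serviceAccounts.list}"

# Service account e-mail as GCP derives it from the name and project.
sa_email() {
  printf '%s@%s.iam.gserviceaccount.com\n' "$SA_NAME" "$PROJECT_ID"
}

# Heuristic least-privilege gate: only get*/list*/search*/view*/read*/test* verbs pass.
# Anything else (create, delete, update, set*, use, actAs, ...) is rejected so a
# mutating permission cannot slip into the "read-only" role unnoticed.
check_read_only() {
  for p in $1; do
    case "$p" in
      *.get*|*.list*|*.search*|*.view*|*.read*|*.test*) ;;
      *) printf 'not read-only: %s\n' "$p" >&2; return 1 ;;
    esac
  done
  return 0
}

# Write the role definition in the format `gcloud iam roles create --file` expects.
write_role_yaml() {
  check_read_only "$PERMISSIONS"
  {
    printf 'title: CTEM Scanner (read-only)\n'
    printf 'description: Least-privilege read-only role for infrastructure scanning\n'
    printf 'stage: GA\n'
    printf 'includedPermissions:\n'
    for p in $PERMISSIONS; do printf '%s\n' "- $p"; done
  } > "$ROLE_FILE"
  printf '%s\n' "$ROLE_FILE"
}

# Print commands unless APPLY=1, so the script is safe to review before it touches IAM.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf 'dry-run: %s\n' "$*"; fi
}

main() {
  write_role_yaml
  # Step 1: custom role scoped to the project.
  run gcloud iam roles create "$ROLE_ID" --project="$PROJECT_ID" --file="$ROLE_FILE"
  # Step 2: service account plus a binding to the custom role only.
  run gcloud iam service-accounts create "$SA_NAME" --project="$PROJECT_ID" \
      --display-name="CTEM scanner (read-only)"
  run gcloud projects add-iam-policy-binding "$PROJECT_ID" \
      --member="serviceAccount:$(sa_email)" --role="projects/$PROJECT_ID/roles/$ROLE_ID"
  # Step 3: long-lived JSON key; lock it down, upload it, then delete the local copy.
  run gcloud iam service-accounts keys create "$KEY_FILE" --iam-account="$(sa_email)"
  run chmod 600 "$KEY_FILE"
}

main
```

Run it once without APPLY to inspect the generated YAML and the commands, then with APPLY=1 from an account that can create roles and service accounts in the project. The verb allowlist is deliberately strict: a permission the scanner genuinely needs that does not match one of those patterns should be reviewed by hand and added to the case pattern, not waved through.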