The following sections describe Cloud Discovery & Visibility (CDV) features and configuration specific to GCP environments.
Before you begin
Ensure that the following requirements are met:
- You must have a GCP account to retrieve the GCP data with the following permissions set:
  - GCP Cloud Logging permissions:
    - logging.sinks.create
    - logging.sinks.delete
    - logging.sinks.get
  - GCP Pub/Sub permissions:
    - pubsub.topics.create
    - pubsub.topics.getIamPolicy
    - pubsub.topics.setIamPolicy
    - pubsub.topics.attachSubscription
    - pubsub.topics.get
    - pubsub.topics.delete
    - pubsub.subscriptions.consume
    - pubsub.subscriptions.create
    - pubsub.subscriptions.delete
  - GCP Private VPC/Subnets permissions:
    - compute.networks.get
    - compute.networks.list
    - compute.subnetworks.get
    - compute.subnetworks.list
  - GCP VM Instance permissions:
    - compute.instances.get
    - compute.instances.list
  - GCP DNS Zones (Private) permissions:
    - compute.zones.get
    - compute.zones.list
    - compute.regions.get
    - compute.regions.list
    - dns.managedZones.list
    - dns.resourceRecordSets.list
    - dns.resourceRecordSets.get
  - GCP DNS Zones (Public) permissions:
    - compute.zones.get
    - compute.zones.list
    - compute.regions.get
    - compute.regions.list
    - dns.managedZones.list
    - dns.resourceRecordSets.list
    - dns.resourceRecordSets.get
  - GCP Load Balancer permissions:
    - compute.instanceTemplates.get
    - compute.instanceTemplates.list
    - compute.instanceGroups.list
    - compute.instanceGroups.get
    - compute.instances.get
    - compute.instances.list
    - compute.backendServices.get
    - compute.backendServices.list
    - compute.regionBackendServices.get
    - compute.regionBackendServices.list
    - compute.globalForwardingRules.get
    - compute.globalForwardingRules.list
    - compute.forwardingRules.get
    - compute.forwardingRules.list
    - compute.targetPools.get
    - compute.targetPools.list
    - compute.targetHttpProxies.get
    - compute.targetHttpProxies.list
    - compute.targetHttpsProxies.get
    - compute.targetHttpsProxies.list
    - compute.regionTargetHttpProxies.get
    - compute.regionTargetHttpProxies.list
    - compute.regionTargetHttpsProxies.get
    - compute.regionTargetHttpsProxies.list
    - compute.targetSslProxies.get
    - compute.targetSslProxies.list
    - compute.targetTcpProxies.get
    - compute.targetTcpProxies.list
    - compute.urlMaps.get
    - compute.urlMaps.list
    - compute.regionUrlMaps.get
    - compute.regionUrlMaps.list
  - GCP Private Endpoints permissions:
    - dns.managedZones.get
    - dns.managedZones.list
    - dns.resourceRecordSets.get
    - dns.resourceRecordSets.list
    - compute.globalForwardingRules.get
    - compute.globalForwardingRules.list
    - compute.forwardingRules.get
    - compute.forwardingRules.get
  - GCP Kubernetes Engine permissions:
    - container.clusters.get
    - container.clusters.list
    - compute.instanceGroups.get
  - GCP Cloud Logging permissions: