Google Cloud Platform
Last updated
Last updated
To add your GCP Organization to Heeler, you will create a new project in that organization. That project will hold a single service account that will have read-only permission to view resources inside the project and inside the organization.
Create a new project, e.g., heeler-security
For that project, navigate to IAM & Admin and then Service Accounts
Create a Service Account, e.g., heeler-ro, and add a description.
Give the Service Account access to the project by selecting the Viewer role.
Give the Service Account access to the organization by selecting the Organization Policy Viewer role.
Skip granting users access
Confirm that your Service Account is created successfully.
Select the Service Account and then navigate to the Keys section. Then select Add Key > Create new key.
Select JSON key type
Confirm the key is saved locally. You will need it later.
Search for and navigate to the Cloud Resource Manager API
Click Enable and confirm it is enabled. Now GCP resources are ready for harvesting.
Once the resources are created and configured in GCP, you need to add their information to Heeler. Open the URL https://app.heeler.com/administration/connections/organizations or just click on the settings icon at the top right and then click on Connections.
Click on Add Organization and then select Google Cloud Platform. Enter:
Organization Name (e.g. Acme Corp)
Service Account Key, which was created in a prior step and saved locally as a JSON file
Project ID, matching the name of the Project created in a prior step
Folder IDs (optional). If entered, a subset of projects within provided folders will be harvested
Click Save. If everything is configured properly within GCP you should see a success message and inventory collection will immediately begin in the background. Please note that for the first round of collection it could take some time based on the size of the GCP footprint.
