Syncing data from a single Google Cloud Platform project

Written by Hyperproof Support
Updated over 3 weeks ago

๐Ÿ“ Note

Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance in meeting the requirements to integrate with Hyperproof and collect the proof you need.


The Google Cloud Platform Hypersync can be used to collect data from a single project or from all projects within an organization or resource folder. Collecting data from GCP requires cross-project authentication. To sync data from multiple projects, see Syncing data from multiple Google Cloud Platform projects.

There are five steps you need to complete to sync data from a single project.

Creating a Hyperproof service account

  1. Open the GCP project from which you want to retrieve data.

  2. From the left menu, select IAM & Admin and then select Service Accounts.

  3. Click Create Service Account.

    The Create service account page opens.

  4. Enter a name for the service account and, optionally, a description. We suggest using the name Hyperproof Service Account.

  5. Click Done.

Generating JSON credentials

  1. Select the service account you just created.

  2. Click Keys.

  3. Click Add Key and then select Create new key.

    The Create private key for… window opens.

  4. Select the JSON radio button and click Create.

  5. Save the JSON file in a secure location. Click Close.

Creating an IAM role for the service account

  1. From the left menu, select Roles.

  2. Click Create Role.

  3. Enter a name for the role and, optionally, a description. We suggest using the name Hypersync Role.

  4. Click Add Permissions and assign the role the following permissions:

  • cloudsql.backupRuns.list

  • cloudsql.instances.list

  • compute.firewalls.list

  • compute.images.list

  • compute.instances.list

  • compute.instanceGroupManagers.list

  • compute.instanceTemplates.list

  • compute.regions.list

  • compute.snapshots.list

  • compute.sslPolicies.list

  • compute.zones.list

  • container.clusters.get

  • container.clusters.list

  • container.deployments.list

  • container.podSecurityPolicies.list

  • iam.roles.list

  • resourcemanager.folders.getIamPolicy

  • resourcemanager.organizations.getIamPolicy

  • resourcemanager.projects.getIamPolicy

  • storage.buckets.get

  • storage.buckets.list

  5. Click Create.
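
To confirm that the custom role matches the permission list above and has not picked up anything broader, the following added example (not Hyperproof's own code) audits the JSON printed by `gcloud iam roles describe <ROLE_ID> --project=<PROJECT_ID> --format=json`. The sample role, its project name, and the read-only verb check are assumptions constructed for illustration.

```python
import json

# Permissions the page lists for the Hypersync role.
REQUIRED = frozenset("""
cloudsql.backupRuns.list cloudsql.instances.list compute.firewalls.list
compute.images.list compute.instances.list compute.instanceGroupManagers.list
compute.instanceTemplates.list compute.regions.list compute.snapshots.list
compute.sslPolicies.list compute.zones.list container.clusters.get
container.clusters.list container.deployments.list
container.podSecurityPolicies.list iam.roles.list
resourcemanager.folders.getIamPolicy
resourcemanager.organizations.getIamPolicy
resourcemanager.projects.getIamPolicy storage.buckets.get storage.buckets.list
""".split())

# Every permission on the page ends in one of these read-only verbs.
READ_VERBS = {"list", "get", "getIamPolicy"}


def audit_role(role_json: str) -> dict:
    """Compare a role's includedPermissions with the page's list."""
    role = json.loads(role_json)
    granted = set(role.get("includedPermissions", []))
    extra = granted - REQUIRED
    return {
        "missing": sorted(REQUIRED - granted),
        "extra": sorted(extra),
        # Extra permissions with a non-read verb should be reviewed first.
        "extra_non_read": sorted(
            p for p in extra if p.rsplit(".", 1)[-1] not in READ_VERBS
        ),
        "compliant": granted == REQUIRED,
    }


# Constructed sample: a role that has drifted from the documented list.
SAMPLE_ROLE = json.dumps({
    "name": "projects/example-project/roles/HypersyncRole",  # placeholder
    "title": "Hypersync Role",
    "includedPermissions": sorted(REQUIRED - {"compute.sslPolicies.list"})
    + ["storage.objects.get", "compute.instances.delete"],
    "stage": "GA",
})

if __name__ == "__main__":
    print(json.dumps(audit_role(SAMPLE_ROLE), indent=2))
```
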

Adding the role to the service account

  1. From the left menu, select IAM.

  2. Click Add.

  3. Enter the email address associated with the service account.


    💡 Tip

    The email address should populate once you begin typing.


  4. From the Select a role drop-down menu, select the role you created in the previous section.

  5. Click Save.

Turning on APIs

Search for the following APIs and turn them on:

  • Identity and Access Management (IAM) API

  • Cloud Resource Manager API

  • Compute Engine API

  • Cloud Storage API
