Syncing data from a single Google Cloud Platform project

Written by Hyperproof Support
Updated this week

Note: Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance in meeting the requirements to integrate with Hyperproof and collect the proof you need.

The Google Cloud Platform Hypersync can be used to collect data from a single project or from all projects within an organization or resource folder. Collecting data from GCP requires cross-project authentication. To sync data from multiple projects, see Syncing data from multiple Google Cloud Platform projects.

There are five steps you need to complete to sync data from a single project.

Creating a Hyperproof service account

  1. Open the GCP project from which you want to retrieve data.

  2. From the left menu, select IAM & Admin and then select Service Accounts.

  3. Click Create Service Account.

    The Create service account page opens.

  4. Enter a name for the service account and, optionally, a description. We suggest using the name Hyperproof Service Account.

  5. Click Done.

Generating JSON credentials

  1. Select the service account you just created.

  2. Click Keys.

  3. Click Add Key and then select Create new key.

    The Create private key for… window opens.

  4. Select the JSON radio button and click Create.

  5. Save the JSON file in a secure location. Click Close.

Creating an IAM role for the service account

  1. From the left menu, select Roles.

  2. Click Create Role.

  3. Enter a name for the role and, optionally, a description. We suggest using the name Hypersync Role.

  4. Click Add Permissions, assign the role the following permissions, then click Create.

  • cloudsql.backupRuns.list

  • cloudsql.instances.list

  • compute.firewalls.list

  • compute.images.list

  • compute.instances.list

  • compute.instanceGroupManagers.list

  • compute.instanceTemplates.list

  • compute.regions.list

  • compute.snapshots.list

  • compute.sslPolicies.list

  • compute.zones.list

  • container.clusters.get

  • container.clusters.list

  • container.deployments.list

  • container.podSecurityPolicies.list

  • iam.roles.list

  • resourcemanager.folders.getIamPolicy

  • resourcemanager.organizations.getIamPolicy

  • resourcemanager.projects.getIamPolicy

  • storage.buckets.get

  • storage.buckets.list

Adding the role to the service account

  1. From the left menu, select IAM.

  2. Click Add.

  3. Enter the email address associated with the service account.

    Tip: The email address should populate once you begin typing.

  4. From the Select a role drop-down menu, select the role you created in the previous section.

  5. Click Save.

Turning on APIs

Search for the following APIs and turn them on:

  • Identity and Access Management (IAM) API

  • Cloud Resource Manager API

  • Compute Engine API

  • Cloud Storage API
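
As an added example (not Hyperproof's own code), the following Python checks that the custom role still matches the permission list above and reports which roles the service account actually holds in the project. It reads the JSON that `gcloud iam roles describe` and `gcloud projects get-iam-policy` produce with `--format=json`; the project, role and account names in the sample data are constructed placeholders.

```python
"""Added example: audit the Hypersync custom role and its binding for drift."""
import json

# Permissions this page lists for the custom role.
EXPECTED = frozenset("""
cloudsql.backupRuns.list cloudsql.instances.list compute.firewalls.list
compute.images.list compute.instances.list compute.instanceGroupManagers.list
compute.instanceTemplates.list compute.regions.list compute.snapshots.list
compute.sslPolicies.list compute.zones.list container.clusters.get
container.clusters.list container.deployments.list
container.podSecurityPolicies.list iam.roles.list
resourcemanager.folders.getIamPolicy resourcemanager.organizations.getIamPolicy
resourcemanager.projects.getIamPolicy storage.buckets.get storage.buckets.list
""".split())
READ_VERBS = {"list", "get", "getIamPolicy"}  # the only verbs the page's list uses


def audit_role(role):
    """Compare a role (JSON from `gcloud iam roles describe`) with EXPECTED."""
    granted = set(role.get("includedPermissions", []))
    extra = granted - EXPECTED
    return {
        "missing": sorted(EXPECTED - granted),
        "extra": sorted(extra),
        # Extra permissions whose verb is not read-only deserve attention first.
        "extra_non_read": sorted(
            p for p in extra if p.rsplit(".", 1)[-1] not in READ_VERBS),
    }


def roles_for_member(policy, member):
    """Roles a member holds in a policy (JSON from `gcloud projects get-iam-policy`)."""
    return sorted(b["role"] for b in policy.get("bindings", [])
                  if member in b.get("members", []))


# Constructed sample data: one permission missing, two added, one stray binding.
SAMPLE_ROLE = {
    "name": "projects/example-project/roles/HypersyncRole",
    "includedPermissions": sorted(EXPECTED - {"storage.buckets.get"})
    + ["storage.objects.delete", "compute.disks.list"],
}
SA = "serviceAccount:hyperproof@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "projects/example-project/roles/HypersyncRole", "members": [SA]},
    {"role": "roles/editor", "members": [SA, "user:admin@example.com"]},
]}

if __name__ == "__main__":
    print(json.dumps(audit_role(SAMPLE_ROLE), indent=2))
    print(roles_for_member(SAMPLE_POLICY, SA))
```

Any role returned by `roles_for_member` other than the custom role means the service account, and therefore anyone holding its JSON key, has more access than the sync needs.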
