Onboard a Google Cloud Platform subscription using the CloudGuard Dome9 API
This note describes how to onboard a GCP account to CloudGuard Dome9 using the CloudGuard Dome9 REST API.
It uses the GoogleCloudAccount resource. You will need details about your GCP account, which you can obtain using either the GCP console or the API.
Prerequisites
CloudGuard Dome9 information
GCP subscription information
- Service Account Key for a CloudGuard Dome9 role for your account. This key is used by CloudGuard Dome9 to access your GCP account and onboard details from it.
- Service Account permissions block (JSON) for the service account.
Set up the GCP subscription
The Google subscription must have a service account defined, CloudGuard Dome9-Connection, with the Viewer role set.
Request
POST https://api.dome9.com/v2/GoogleCloudAccount
{
"name": "GCP-account",
"serviceAccountCredentials": {
"type": "service_account",
"project_id": "**********",
"private_key_id": "****************************************",
"private_key": "-----BEGIN PRIVATE KEY-----\**********************************************************************************************************************************************************UuA9H02NzLYkcrFAMJNT\n-----END PRIVATE KEY-----\n",
"client_email": "************",
"client_id": "1**********2",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/dome9-connect%40dome9-alon.iam.gserviceaccount.com"
}
}
Parameters
name - the name of the subscription as it will appear in CloudGuard Dome9
serviceAccountCredentials - the service account permissions block (including the service account key), generated on the GCP console, as-is.
Response
The response includes the id for the subscription in CloudGuard Dome9.
{
"id": "********-****-****-****-************",
"name": "GCP-account",
"projectId": "**********",
"creationDate": "2018-10-16T12:29:09Z"
}
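The request above carries the service account private key, so it is safer to build the body from the downloaded key file than to paste the key by hand. The following is an added example, not Check Point's or the original note's code: it validates the key file, wraps it as-is in the request body, and produces a masked copy for logging. The function names, the sample key and the use of HTTP Basic authentication with a Dome9 API key ID and secret are assumptions that do not appear in this note.

```python
import base64
import json
import urllib.request

API_URL = "https://api.dome9.com/v2/GoogleCloudAccount"  # endpoint from this note
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")
SECRET_FIELDS = ("private_key", "private_key_id")

def build_payload(name, key_json_text):
    """Wrap the downloaded key file, as-is, in the GoogleCloudAccount body."""
    creds = json.loads(key_json_text)
    missing = [f for f in REQUIRED if not creds.get(f)]
    if missing:
        raise ValueError("key file is missing: " + ", ".join(missing))
    if creds["type"] != "service_account":
        raise ValueError("not a service account key: type=%r" % creds["type"])
    if "BEGIN PRIVATE KEY" not in creds["private_key"]:
        raise ValueError("private_key is not a PEM block")
    return {"name": name, "serviceAccountCredentials": creds}

def redacted(payload):
    """Return a copy that is safe to log: secret fields are masked."""
    creds = dict(payload["serviceAccountCredentials"])
    for field in SECRET_FIELDS:
        creds[field] = "**********"
    return {"name": payload["name"], "serviceAccountCredentials": creds}

def build_request(payload, api_key_id, api_key_secret):
    """Assumption: the Dome9 API key ID and secret go in HTTP Basic auth."""
    token = base64.b64encode(f"{api_key_id}:{api_key_secret}".encode()).decode()
    return urllib.request.Request(
        API_URL, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": "Basic " + token})

def onboard(payload, api_key_id, api_key_secret):
    """Send the request and return the parsed response, which carries the id."""
    req = build_request(payload, api_key_id, api_key_secret)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())

# Constructed sample key file contents (not a real credential).
SAMPLE_KEY = json.dumps({
    "type": "service_account", "project_id": "example-project",
    "private_key_id": "0123abcd",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "dome9-connect@example-project.iam.gserviceaccount.com"})

if __name__ == "__main__":
    print(json.dumps(redacted(build_payload("GCP-account", SAMPLE_KEY)), indent=2))
```

Log only the output of redacted(); the unmasked payload and the key file itself should stay out of shell history, tickets and CI logs.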
See also
GoogleCloudAccount (Dome9 API)