Onboard a Google Cloud Platform subscription using the CloudGuard Dome9 API
Solution

This note describes how to onboard a GCP account to CloudGuard Dome9 using the CloudGuard Dome9 REST API.

This will use the GoogleCloudAccount resource. You will need details about your GCP account, which you can obtain either using the GCP console or API.

Prerequisites

CloudGuard Dome9 information

GCP subscription information

  • Service Account Key for a CloudGuard Dome9 role for your account. This key is used by CloudGuard Dome9 to access your GCP account and onboard details from it.
  • Service Account permissions block (JSON) for the service account.

Set up the GCP subscription

The Google subscription must have a service account defined, CloudGuard Dome9-Connection, with the Viewer role set. Follow steps 3 - 15 in Onboard a GCP Account to CloudGuard Dome9 to create the service account and key from the GCP console.

Request

POST https://api.dome9.com/v2/GoogleCloudAccount

{
  "name": "GCP-account",
  "serviceAccountCredentials": {
    "type": "service_account",
    "project_id": "**********",
    "private_key_id": "****************************************",
    "private_key": "-----BEGIN PRIVATE KEY-----\n**********************************************************************************************************************************************************UuA9H02NzLYkcrFAMJNT\n-----END PRIVATE KEY-----\n",
    "client_email": "************",
    "client_id": "1**********2",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/dome9-connect%40dome9-alon.iam.gserviceaccount.com"
  }
}

Parameters

name - the name of the subscription as it will appear in CloudGuard Dome9

serviceAccountCredentials - the service account permissions block (including the service account key), generated on the GCP console, as-is.

Response

The response includes the id for the subscription in CloudGuard Dome9.

{
  "id": "********-****-****-****-************",
  "name": "GCP-account",
  "projectId": "**********",
  "creationDate": "2018-10-16T12:29:09Z"
}
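
The request above, built from the key file on disk so the private key is never pasted into a shell or written to a log. This is an added example, not part of the original article or Check Point's own code. Assumptions: the API accepts HTTP Basic authentication with a CloudGuard Dome9 API key id and secret, and the environment variable names DOME9_API_ID and DOME9_API_SECRET and all function names are hypothetical.

```python
import base64, json, os, stat, sys, urllib.request

API_URL = "https://api.dome9.com/v2/GoogleCloudAccount"  # endpoint from the article
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

def load_service_account(path):
    """Read the GCP key file and check it before it leaves the machine."""
    # Refuse a key file that group or other users can read or write.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise PermissionError(f"{path} is accessible to group/others; chmod 600 it")
    with open(path, encoding="utf-8") as fh:
        creds = json.load(fh)
    missing = [k for k in REQUIRED if not creds.get(k)]
    if missing:
        raise ValueError(f"key file is missing fields: {missing}")
    if creds["type"] != "service_account":
        raise ValueError("not a service account key")
    return creds

def redact(creds):
    """Return a copy that is safe to log: the private key never appears."""
    return {**creds, "private_key": "<redacted>"}

def build_onboard_request(name, creds, api_id, api_secret):
    """Build (without sending) the POST described in the article."""
    # The credentials block is passed through as-is, as the article requires.
    body = json.dumps({"name": name, "serviceAccountCredentials": creds}).encode()
    token = base64.b64encode(f"{api_id}:{api_secret}".encode()).decode()
    return urllib.request.Request(API_URL, data=body, method="POST", headers={
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Authorization": f"Basic {token}",  # assumption: Basic auth with API key id/secret
    })

if __name__ == "__main__":
    creds = load_service_account(sys.argv[1])  # path to the downloaded key file
    print("onboarding with", json.dumps(redact(creds)), file=sys.stderr)
    req = build_onboard_request("GCP-account", creds,
                                os.environ["DOME9_API_ID"],      # hypothetical variable names
                                os.environ["DOME9_API_SECRET"])
    with urllib.request.urlopen(req, timeout=30) as resp:
        print(json.load(resp)["id"])  # the CloudGuard Dome9 id for the subscription
```
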

See also

Onboard a Google Cloud Project to Dome9

GoogleCloudAccount (Dome9 API)

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
