Enable Cloudgeni to scan your Google Cloud infrastructure by creating a dedicated service account with read-only access. This integration provides comprehensive visibility into your GCP resources and security posture.

Prerequisites

  • GCP project with owner or admin access
  • gcloud CLI installed and configured
  • Cloudgeni account (free trial available)
  • Time estimate: 2 minutes

Step 1: Create Service Account

Set your project ID and service account name, then create a dedicated service account for Cloudgeni:

# Set your GCP project ID and service account name
export PROJECT_ID="your-project-id-here"
export SA_NAME="cloudgeni-readonly-access"

# Configure gcloud to use your project
gcloud config set project $PROJECT_ID

# Create the service account
gcloud iam service-accounts create $SA_NAME \
  --display-name="CloudGeni Platform ReadOnly Access"

The service account email will be: {SA_NAME}@{PROJECT_ID}.iam.gserviceaccount.com

Step 2: Assign IAM Roles

Assign the minimum required roles for Cloudgeni to scan your infrastructure:

# Grant the Service Usage Consumer role so the account can call enabled APIs
gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member="serviceAccount:$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/serviceusage.serviceUsageConsumer"

# Grant the basic Viewer role for read-only access to project resources
gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member="serviceAccount:$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/viewer"

These roles provide read-only access to your GCP resources. Cloudgeni cannot make any changes to your infrastructure.

Step 3: Create Service Account Key

Create and download the service account key file:

# Generate and download the key file
gcloud iam service-accounts keys create $SA_NAME-key.json \
  --iam-account=$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com

Result: You’ll have a {SA_NAME}-key.json file in your current directory.
Keep this key file secure. It provides access to your GCP project. Never commit it to version control.

Step 4: Configure Cloudgeni Integration

  1. Log into your Cloudgeni dashboard
  2. Navigate to Settings > Integrations > Cloud
  3. Click “Connect GCP”
  4. Enter your configuration:
    • Name: GCP Production (or your environment name)
    • Project ID: Your GCP project ID
    • Service Account Key: Upload your service account key JSON file
  5. Click “Create Integration”
A scan of all your GCP resources will start automatically after creating the integration.
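Once the integration is connected, a periodic check that the service account still holds only the roles granted above, and that the key downloaded in Step 3 is not older than your rotation window, catches drift before it becomes a finding. The script below is an added example, not part of Cloudgeni's documentation or tooling; it assumes roles/viewer is the read-only role in use, a 90-day rotation window, and constructed sample documents standing in for real gcloud output.

```python
"""Audit the Cloudgeni service account: role bindings and user-managed key age.
Input shapes match `gcloud projects get-iam-policy --format=json` and
`gcloud iam service-accounts keys list --format=json`; samples below are constructed."""
from datetime import datetime, timedelta

# Roles the guide grants. Assumption: roles/viewer is the read-only basic role in use.
EXPECTED_ROLES = {"roles/serviceusage.serviceUsageConsumer", "roles/viewer"}
MAX_KEY_AGE_DAYS = 90  # assumption: a local rotation policy, not a Cloudgeni requirement

def audit_roles(policy, member):
    """Return (unexpected, missing) role sets for one member of a project IAM policy."""
    held = {b["role"] for b in policy.get("bindings", []) if member in b.get("members", [])}
    return held - EXPECTED_ROLES, EXPECTED_ROLES - held

def stale_keys(keys, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return ids of user-managed keys created more than max_age_days before now."""
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for key in keys:
        if key.get("keyType") != "USER_MANAGED":
            continue  # Google-managed keys are rotated by Google, not by us
        created = datetime.fromisoformat(key["validAfterTime"].replace("Z", "+00:00"))
        if created < cutoff:
            stale.append(key["name"].rsplit("/", 1)[-1])
    return stale

# Constructed sample: both expected roles plus a drifted roles/editor grant (write access).
SA = "serviceAccount:cloudgeni-readonly-access@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/serviceusage.serviceUsageConsumer", "members": [SA]},
    {"role": "roles/viewer", "members": [SA, "user:alice@example.com"]},
    {"role": "roles/editor", "members": [SA]},
]}
SAMPLE_KEYS = [  # one user-managed key (as created in Step 3) and one Google-managed key
    {"name": "projects/p/serviceAccounts/sa/keys/abc123", "keyType": "USER_MANAGED",
     "validAfterTime": "2024-01-15T10:00:00Z"},
    {"name": "projects/p/serviceAccounts/sa/keys/def456", "keyType": "SYSTEM_MANAGED",
     "validAfterTime": "2024-01-15T10:00:00Z"},
]

def run_audit(now_iso):
    """Run both checks against the sample data as of now_iso (RFC 3339 timestamp)."""
    now = datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
    unexpected, missing = audit_roles(SAMPLE_POLICY, SA)
    return {"unexpected": sorted(unexpected), "missing": sorted(missing),
            "stale_keys": stale_keys(SAMPLE_KEYS, now)}

if __name__ == "__main__":
    print(run_audit("2024-06-01T00:00:00Z"))
```

Any role in `unexpected` (here the drifted roles/editor) means the account is no longer read-only and the binding should be removed; a non-empty `stale_keys` list means the Step 3 key is due for rotation.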

Coming Soon: Keyless Authentication

Workload Identity Federation

We’re working on adding support for keyless authentication methods for GCP, similar to our existing support for AWS and Azure. This will eliminate the need for long-lived service account keys and provide enhanced security through workload identity federation. Stay tuned for updates!

What’s Next?

I