
Real-time scan across projects in GCP

You can enable real-time scan for applications in different projects in GCP. An application in GCP can be Google Cloud Storage (GCS) or Google BigQuery (GBQ).

By default, only one GCS application is created at installation time. If you have multiple GCP projects containing resources that you want to scan in real time, do the following:

Prerequisites

Ensure the following prerequisites are met:

  • Get the project IDs of each project:

    • Project where the instance is configured

    • Cross project(s) containing the resources to be scanned

  • Grant the instance project's service account access to the cross-project resources (GCS buckets, GBQ datasets):

    1. Get the service account name of the project where the instance is configured.
    2. Navigate to the cross project > IAM & Admin > IAM > Click Add.
    3. Enter the service account name, and add the following roles:

      • Editor
      • Private Logs Viewer

Configuration

  1. Add the following property to the vars.discovery.gcp.yml file and assign the cross-project IDs as a comma-separated list.

    PKAFKA_CROSS_PROJECT_IDS=project_id_2,project_id_3
    
  2. Run the following commands.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
    
  3. After installing/updating Privacera Manager, add the GCP projects in Privacera Portal.

    1. In Privacera Portal, add a new GCS and/or GBQ application with the cross project's project ID.

      1. On the Privacera home page, expand the Settings menu and click Data Source Registration in the left menu.

      2. On the Data Source Registration page, click +Add System.

        The Add System pop-up displays.

      3. Enter the system name in the Name field (mandatory). Example: Azure

      4. Enter a description in the Description field (optional).

      5. Click Save.

      The Application page displays with the newly added system.

      Now add the application to the system using the following steps:

      1. Click the Settings icon of the system, then click +Add Application.

      2. Select the Application. Example: Google Cloud Storage

      3. Enter the Application Name, Application Code, and Project ID (mandatory).
      4. Click Save.
    2. After adding the application, you will be instructed to manually create a topic in the GCP Console, as shown in the image below.

      In the image, the topic name is privacera_scan_worker_gcs_11_nj. Use this name to create a topic on the instance where Privacera is installed. For more information on creating a topic in GCP, see the GCP Pub/Sub documentation.
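The prerequisite and configuration steps above are easy to get wrong silently: a project ID with a typo, or a cross project where only one of the two roles was granted, only shows up later as a scan that never receives events. The following preflight check is an added example written for this page; it is not Privacera's own code and is not part of Privacera Manager. It validates the comma-separated PKAFKA_CROSS_PROJECT_IDS value against GCP's project ID rules and checks, for each cross project, that the instance's service account holds the two roles the page requires. The IAM policy documents are embedded as constructed samples in the shape that `gcloud projects get-iam-policy PROJECT --format=json` returns; in real use you would fetch them with that command. The role IDs `roles/editor` and `roles/logging.privateLogViewer` are the IAM identifiers behind the console names "Editor" and "Private Logs Viewer". Note that the page's placeholders `project_id_2,project_id_3` contain underscores, which real GCP project IDs cannot, so the sample uses hyphenated IDs instead.

```python
import json
import re
from typing import Dict, List, Set

# Roles the page says to grant on each cross project (IAM IDs for "Editor" and "Private Logs Viewer").
REQUIRED_ROLES: Set[str] = {"roles/editor", "roles/logging.privateLogViewer"}

# GCP project ID rules: 6-30 characters, lowercase letters, digits and hyphens,
# must start with a letter and must not end with a hyphen.
PROJECT_ID_RE = re.compile(r"^[a-z][a-z0-9-]{4,28}[a-z0-9]$")

# Assumed service account of the instance project (constructed placeholder, not a real account).
SERVICE_ACCOUNT = "privacera-instance@instance-project.iam.gserviceaccount.com"

# Constructed IAM policies, one per cross project, in gcloud's JSON output shape.
# "cross-project-two" is configured correctly; "cross-project-three" is missing Private Logs Viewer.
SAMPLE_POLICIES: Dict[str, dict] = {
    "cross-project-two": json.loads("""
    {"bindings": [
        {"role": "roles/editor",
         "members": ["serviceAccount:privacera-instance@instance-project.iam.gserviceaccount.com"]},
        {"role": "roles/logging.privateLogViewer",
         "members": ["serviceAccount:privacera-instance@instance-project.iam.gserviceaccount.com"]}
    ], "etag": "BwX-constructed-1", "version": 1}
    """),
    "cross-project-three": json.loads("""
    {"bindings": [
        {"role": "roles/editor",
         "members": ["serviceAccount:privacera-instance@instance-project.iam.gserviceaccount.com",
                     "user:someone@example.com"]}
    ], "etag": "BwX-constructed-2", "version": 1}
    """),
}


def parse_cross_project_ids(value: str) -> List[str]:
    """Split a PKAFKA_CROSS_PROJECT_IDS value and reject malformed or duplicate project IDs."""
    ids = [part.strip() for part in value.split(",") if part.strip()]
    bad = [pid for pid in ids if not PROJECT_ID_RE.match(pid)]
    if bad:
        raise ValueError(f"malformed project IDs: {bad}")
    if len(set(ids)) != len(ids):
        raise ValueError("duplicate project IDs in PKAFKA_CROSS_PROJECT_IDS")
    return ids


def roles_for_member(policy: dict, member: str) -> Set[str]:
    """Collect every role bound to a member in a project IAM policy document."""
    return {b["role"] for b in policy.get("bindings", []) if member in b.get("members", [])}


def check_cross_project_access(policies: Dict[str, dict], project_ids: List[str],
                               service_account: str) -> Dict[str, Set[str]]:
    """Return, per cross project, the required roles the service account does not yet hold.

    An empty set means that project satisfies the page's prerequisite; a project with no
    policy supplied is reported as missing everything rather than silently passing.
    """
    member = f"serviceAccount:{service_account}"
    missing: Dict[str, Set[str]] = {}
    for pid in project_ids:
        policy = policies.get(pid)
        if policy is None:
            missing[pid] = set(REQUIRED_ROLES)
            continue
        missing[pid] = REQUIRED_ROLES - roles_for_member(policy, member)
    return missing


if __name__ == "__main__":
    # Constructed property value in the page's format, with valid project IDs.
    ids = parse_cross_project_ids("cross-project-two,cross-project-three")
    for pid, gaps in check_cross_project_access(SAMPLE_POLICIES, ids, SERVICE_ACCOUNT).items():
        status = "OK" if not gaps else "MISSING " + ", ".join(sorted(gaps))
        print(f"{pid}: {status}")
```

Run the check before `./privacera-manager.sh update` so that a missing binding is caught at configuration time rather than discovered from an empty scan queue; if a project reports a missing role, repeat the IAM step in the Prerequisites for that project.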


Last update: July 23, 2021