This repository has been archived by the owner on Sep 17, 2021. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 3 changed files with 35 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,35 @@ | ||
NOT YET WRITTEN | ||
=============== | ||
IAM Role Setup on GCP | ||
===================== | ||
|
||
Below describes how to install Security Monkey on GCP. | ||
|
||
Install gcloud | ||
--------------- | ||
|
||
If you haven't already, install *gcloud* from the [downloads](https://cloud.google.com/sdk/downloads) page. *gcloud* enables you to administer VMs, IAM policies, services and more from the command line. | ||
|
||
Setup Service Account | ||
--------------------- | ||
|
||
To restrict which permissions Security Monkey has to your projects, we'll create a [Service Account](https://cloud.google.com/compute/docs/access/service-accounts) with a special role. | ||
|
||
- Access the [Google console](https://console.cloud.google.com/home/dashboard). | ||
- Under "IAM & Admin", select "Service accounts." | ||
- Select "Create Service Account". | ||
- Name: "securitymonkey" | ||
- Add Role "IAM->SecurityReviewer" | ||
- Add Role "Project->Viewer" | ||
- If you're going to monitor your GCP services from an AWS instance, check the box "Furnish a new private key" and ensure JSON is selected as the Key type. | ||
- Hit "Create" | ||
|
||
![Create Service Account](images/create_service_account.png "Create Service Account") | ||
|
||
- Select the newly created "securitymonkey" services account and click on "Permissions". | ||
- Type in your Google email adddress and select the Owner role. | ||
- Press "Add". | ||
|
||
![Add User to Service Account](images/add_user_to_service_account.png "Add User to Service Account") | ||
|
||
Next, we'll launch an instance using that service account. | ||
- [Launch an AWS instance](instance_launch_aws.md). | ||
- [Launch a GCP instance](instance_launch_gcp.md). |
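
Review bot: In the second list under "Setup Service Account", the step `Type in your Google email adddress and select the Owner role.` grants Owner on the service account without saying why, which sits oddly with the section's stated goal "To restrict which permissions Security Monkey has to your projects". Please state what the Owner grant is needed for, or name a narrower role if one is enough to launch an instance with this account. The "Furnish a new private key" step should also say where the downloaded JSON key is expected to be stored and that it should be kept out of version control. Smaller points: "adddress" and "services account" are typos; the intro sentence says the page describes installing Security Monkey while the title is "IAM Role Setup on GCP"; and the "Install gcloud" section is not used by any later step, since every step shown is done in the console.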