12-27-2022 04:21 PM
Has anyone tried onboarding GCP account for agentless scanning? During the setup it is asking for GCP Service account and API token details but we can only generate json keys for service accounts. Any idea how to get this setup done?
12-27-2022 04:35 PM
You can onboard gcp account for agentless scanning using the following docs:
Please search for "Onboard GCP Accounts for Agentless Scanning".
You can create a service account key using the following GCP documentation:
Hope it helped!
12-27-2022 07:01 PM
Hi Umer - Thanks for your reply. I followed the same documentation but during the setup page on Prisma it looks for the service account and API Token but the service account keys are in json format which is where we got stuck.
12-27-2022 07:28 PM - edited 12-27-2022 07:33 PM
The content of the service account JSON file will be entered the service account field in Prisma Cloud Compute Console.
API token field should be left empty.
Please save the settings, and try to perform the agentless scan.
12-27-2022 08:07 PM
Thanks again, this time we made some progress. JSON worked and downloaded the permissions template as well. When I tried to initiate the scan it threw the following error:
failed to create account clients for permissions check. target:"<credential_name>" hub:"" region: us-central1. failed to initialize the target account client for credential <credential_name>: googleapi: Error 403: Required 'compute.zones.list' permission for 'projects/<project_id>', forbidden
Do I need to apply the downloaded template? And how they are used?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!