Onboard GCP Cloud Account in Strata Cloud Manager

Table of Contents

GCP Cloud Account Onboarding Prerequisites

Onboard your GCP cloud account in Strata Cloud Manager.

Onboard GCP cloud account in Strata Cloud Manager. Create and download an onboarding Terraform template. When you apply this template in your cloud environment, it generates a service account with sufficient permissions. These permissions enable discovery within your cloud environment, granting access to network flow logs, asset inventory details, and other essential cloud resources.

Where Can I Use This?	What Do I Need?
Creating a GCP Service Account for Strata Cloud Manager Integration	GCP Cloud Account Onboarding Prerequisites

Before you begin, check your licences and ensure you meet the minimum AI Runtime Security prerequisites.

Log in to Strata Cloud Manager.
Select Insights → AI Runtime Security.
1. If you are onboarding a cloud account for the first time, click Get Started under the Network section.
2. If you have previously onboarded a cloud account, select Network from the AI Runtime Security drop-down list at the top. Click the Cloud Account Manager (cloud) icon.
Select Cloud Service Provider as GCP and select Next.
Enter basic information:
- A unique Name to identify your onboarded cloud account (Limit the name to 32 characters).
- The GCP Project ID.
- Input (Storage) Bucket Name you created in the Create a Cloud Storage Bucket prerequisite step.
Select Next.
In Application Definition, select Next.

The namespace shows applications from Pods/Cluster workloads, while VPC/VNETs display applications from virtual machine workloads.
Input Service Account Name (Enter only lowercase letters and numbers; the name must be between 3 and 24 characters).
Download Terraform.

Use one service account per project.
Execute Terraform. Unzip the downloaded Terraform zip file and follow the `README.md` file for instructions to deploy the Terraform in your cloud environment.
```
cd <unzipped-folder>/gcp //Change directory to the Terraform plan

#Deploy the Terraform
terraform init
terraform plan
terraform apply
```
Provide the required IAM Permissions to the user executing the Terraform template.
Once the apply completes, the following output is displayed:
Apply complete! Resources: 19 added, 0 changed, 0 destroyed. Outputs: service_account_email = "panw-discovery-****@PROJECT_ID.iam.gserviceaccount.com"
After executing Terraform, deploy services to your GKE cluster. For detailed instructions, see Deploy an application to a GKE cluster.
Select Done.
It may take about 10 seconds before you can click on the "Done" button. This brief pause ensures all background processes complete successfully. This validates the successful creation of a service account in GCP.

After successfully connecting to the cloud service provider with the specified service account, the AI Runtime Security: Network intercept gathers cloud VM and Kubernetes workload IP-tags from the Edge Service and tag collector, respectively. This discovery process can take up to 15 minutes before assets appear on the Strata Cloud Manager command center dashboard.
You can now view and manage the onboarded cloud accounts in Strata Cloud Manager.
The Strata Cloud Manager dashboard under Insights → AI Runtime Security shows all the cloud assets discovered.

Next, protect the network traffic flow by deploying an AI Runtime Security: Network intercept in GCP.