Onboard GCP Cloud Account in SCM


Onboard your GCP cloud account in Strata Cloud Manager (SCM).
Onboard the GCP cloud account in SCM and create a Terraform configuration to generate a service account to discover cloud assets and manage AI Runtime Security instances.
  • Creating a GCP Service Account for SCM Integration
  1. Log in to SCM.
  2. Select Insights → AI Runtime Security.
    1. If you are onboarding a cloud account for the first time, click Get Started.
    2. If you have previously onboarded a cloud account, click the Cloud Account Manager (cloud) icon.
  3. Select Cloud Service Provider as GCP and select Next.
  4. Enter basic information:
    • A unique Name to identify your onboarded cloud account.
    • The GCP Project ID.
    • The Storage Bucket Name you created in the Create a Cloud Storage Bucket prerequisite step.
    Select Next.
  5. In Application Definition, select Next.
    The namespace shows applications from Pods/Cluster workloads, while VPC/VNETs display applications from virtual machine workloads.
  6. Input Service Account Name and Download Terraform.
    Please use one service account per project.
  7. Unzip the downloaded Terraform zip file and follow the `README.md` file for instructions:
      cd <unzipped-folder>/gcp
      terraform init
      terraform plan
      terraform apply
    Provide the required IAM Permissions to the user executing the Terraform template.
  8. Select Done.
    This validates the successful creation of a service account in GCP.
    After successfully connecting to the cloud service provider with the specified service account, the AI Runtime Security instance gathers cloud VM and Kubernetes workload IP tags from the Edge Service and tag collector, respectively. This discovery process can take up to 15 minutes before assets appear on the SCM Command Center dashboard.
  9. You can now view and manage the onboarded cloud accounts in SCM.
  10. The SCM dashboard under Insights → AI Runtime Security shows all the cloud assets discovered.
    Next, protect the network traffic flow by deploying an AI Runtime Security instance in GCP.
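
A pre-apply check for step 7, as an added example that is not part of the downloaded template or the product documentation: it reads the JSON form of a saved plan (`terraform plan -out=tfplan`, then `terraform show -json tfplan`) and lists the service accounts and project IAM grants the plan would create, flagging primitive roles and more than one service account. The embedded plan, resource addresses, project ID and roles are constructed for illustration; the actual template's resources may differ.

```python
import json

# Primitive (basic) roles grant broad project-wide access.
BROAD_ROLES = {"roles/owner", "roles/editor"}
IAM_TYPES = {"google_project_iam_member", "google_project_iam_binding"}

# Constructed sample in the shape of `terraform show -json tfplan` output.
# Resource names, project ID and roles are illustrative, not the SCM template's.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "google_service_account.scm", "type": "google_service_account",
         "change": {"actions": ["create"], "after": {"account_id": "scm-discovery"}}},
        {"address": "google_project_iam_member.viewer", "type": "google_project_iam_member",
         "change": {"actions": ["create"], "after": {
             "project": "example-project", "role": "roles/compute.viewer",
             "member": "serviceAccount:scm-discovery@example-project.iam.gserviceaccount.com"}}},
        {"address": "google_project_iam_member.wide", "type": "google_project_iam_member",
         "change": {"actions": ["create"], "after": {
             "project": "example-project", "role": "roles/editor",
             "member": "serviceAccount:scm-discovery@example-project.iam.gserviceaccount.com"}}},
        {"address": "google_storage_bucket.logs", "type": "google_storage_bucket",
         "change": {"actions": ["no-op"], "after": {"name": "example-bucket"}}},
    ]
})

def review_plan(plan_json):
    """Return (service_accounts, iam_grants, findings) for resources the plan creates or updates."""
    accounts, grants, findings = [], [], []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        actions = set(change.get("actions", []))
        if not actions & {"create", "update"}:
            continue  # skip no-op, read and delete-only entries
        after = change.get("after") or {}
        if rc["type"] == "google_service_account":
            accounts.append(after.get("account_id"))
        elif rc["type"] in IAM_TYPES:
            role = after.get("role")
            # binding resources carry a "members" list, member resources a single "member"
            members = after.get("members") or [after.get("member")]
            grants.append((rc["address"], role, members))
            if role in BROAD_ROLES:
                findings.append(f"{rc['address']}: primitive role {role}")
    if len(accounts) > 1:  # the page asks for one service account per project
        findings.append("plan creates more than one service account")
    return accounts, grants, findings

if __name__ == "__main__":
    print(review_plan(SAMPLE_PLAN))
```

To review a real plan, pass the text of the `terraform show -json` output to `review_plan` in place of `SAMPLE_PLAN`.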
