Supported GCP Services

Cloudhouse Guardian (Guardian) supports a range of GCP services. This topic lists the GCP services that are currently supported by Cloudhouse and the permissions required to use each one. For more information on how to add a GCP service node in Guardian, see Google Cloud Platform (GCP) Node.

BigQuery

BigQuery is a fully managed enterprise data warehouse that helps you manage and analyze your data with built-in features like machine learning, geospatial analysis, and business intelligence. For more information, see BigQuery overview in the Google Cloud Guide.

Required BigQuery Permissions

The following code snippet describes the permissions required for the BigQuery service.

BigQuery Data Viewer

Cloud DNS

Cloud DNS is a high-performance, resilient, global Domain Name System (DNS) service that publishes your domain names to the global DNS in a cost-effective way. For more information, see Cloud DNS overview in the Google Cloud Guide.

Required Cloud DNS Permissions

The following code snippet describes the permissions required for the Cloud DNS service.

DNS Reader

Cloud KMS

Cloud KMS is a REST API, with high global availability, that can use a key to encrypt, decrypt, or sign data such as secrets for storage. For more information, see Cloud Key Management Service documentation.

Required Cloud KMS Permissions

The following code snippet describes the permissions required for the Cloud KMS service.

Cloud KMS CryptoKey Public Key Viewer, Cloud KMS Viewer

Cloud Logging

Cloud Logging is a fully managed service that allows you to store, search, analyze, monitor, and alert on logging data and events from Google Cloud and Amazon Web Services. For more information, see Cloud Logging documentation.

Required Cloud Logging Permissions

The following code snippet describes the permissions required for the Cloud Logging service.

Logs Viewer

Cloud SQL

Cloud SQL is a fully managed database service that helps you set up, maintain, manage, and administer your relational databases on Google Cloud Platform. For more information, see Cloud SQL documentation.

Required Cloud SQL Permissions

The following code snippet describes the permissions required for the Cloud SQL service.

Cloud SQL Viewer

Compute Engine (GCE)

Compute Engine is a customizable compute service that lets you create and run virtual machines on Google’s infrastructure. For more information, see Compute Engine documentation.

Required Compute Engine Permissions

The following code snippet describes the permissions required for the GCE service.

Compute Engine Viewer

IAM Google Cloud

IAM is Google’s identity management solution for Google Cloud Platform. For more information, see Identity and Access Management (IAM) in the Google Cloud Product overview.

Required IAM Permissions

The following code snippet describes the permissions required for the IAM service.

Security Reviewer

Kubernetes Engine (GKE)

Google Kubernetes Engine (GKE) provides a managed environment for deploying, managing, and scaling your containerized applications using Google infrastructure. For more information, see Google Kubernetes Engine documentation.

Required GKE Permissions

The following code snippet describes the permissions required for the GKE service.

Compute Engine Viewer, Kubernetes Engine Viewer

Cloud Storage (Buckets)

Cloud Storage is a service for storing your objects in Google Cloud. For more information, see Cloud Storage documentation.

Required Cloud Storage Permissions

The following code snippet describes the permissions required for the Cloud Storage service.

Storage Object Viewer
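
One way to check that the identity Guardian connects with holds the read-only roles listed in this topic and nothing broader, as an added example that is not Cloudhouse code. The role IDs are an assumed mapping of the role names above to GCP predefined roles, and the service account name and sample policy are constructed.

```python
# Assumed mapping of the role names in this topic to GCP predefined role IDs.
REQUIRED_ROLES = {
    "roles/bigquery.dataViewer",       # BigQuery Data Viewer
    "roles/dns.reader",                # DNS Reader
    "roles/cloudkms.publicKeyViewer",  # Cloud KMS CryptoKey Public Key Viewer
    "roles/cloudkms.viewer",           # Cloud KMS Viewer
    "roles/logging.viewer",            # Logs Viewer
    "roles/cloudsql.viewer",           # Cloud SQL Viewer
    "roles/compute.viewer",            # Compute Engine Viewer (GCE and GKE)
    "roles/iam.securityReviewer",      # Security Reviewer
    "roles/container.viewer",          # Kubernetes Engine Viewer
    "roles/storage.objectViewer",      # Storage Object Viewer
}

def audit_member(policy: dict, member: str) -> dict:
    """Compare roles bound directly to `member` with REQUIRED_ROLES.

    `policy` has the shape printed by
    `gcloud projects get-iam-policy PROJECT_ID --format=json`.
    Roles inherited through groups or parent folders are not resolved here.
    """
    granted, conditional = set(), set()
    for binding in policy.get("bindings", []):
        if member in binding.get("members", []):
            granted.add(binding["role"])
            if "condition" in binding:  # role applies only while the condition holds
                conditional.add(binding["role"])
    return {
        "missing": sorted(REQUIRED_ROLES - granted),  # scans of that service will fail
        "excess": sorted(granted - REQUIRED_ROLES),   # broader than this topic requires
        "conditional": sorted(conditional),
    }

# Constructed sample: hypothetical service account, one role missing,
# one role time-limited, and an over-broad basic role.
SA = "serviceAccount:guardian-scan@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": r, "members": [SA]}
    for r in sorted(REQUIRED_ROLES - {"roles/dns.reader", "roles/logging.viewer"})
] + [
    {"role": "roles/logging.viewer", "members": [SA],
     "condition": {"title": "expires",
                   "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/editor", "members": [SA, "user:admin@example.com"]},
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
]}

if __name__ == "__main__":
    print(audit_member(SAMPLE_POLICY, SA))
```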