Google Cloud

This topic describes how to set up P0's integration for Google Cloud Platform (GCP). It contains the following sections:

For fine-grained Kubernetes access in Google Kubernetes Engine (GKE), use the P0 Kubernetes integration.

Prerequisites

Existing P0 account at p0.app.
Existing Google project(s) where you want to install P0.
Permissions to create GCP roles and add IAM bindings to your Google project(s).
- iam.roleAdmin (Role Admin)
- iam.securityAdmin (Security Admin)
- orgpolicy.policyAdmin (Organization Policy Admin). This is optional but recommended, to ensure your P0 integration for GCP is as secure as possible

You may need to work with your organization's administrator for the relevant permissions.

Set up Google Cloud Integration

This setup takes about 10 minutes.

Google Cloud Integration requires these key setup steps:

Set up your Organization

You must set up your organization prior to GCP provisioning. To set up p0 for your GCP organization:

Retrieve your organization ID from GCP using one of the following methods:
- Run the command gcloud organizations list in the Google Cloud Console Shell.
- Go to IAM & Admin > Manage Resources. You will find your organization ID listed under the ID field.
Go to p0.app in your browser, navigate to Integrations, and select Google Cloud.
Copy and paste your organization ID into the input field and click Next. This enables you to install components that fit your needs.

If a previous Google Cloud integration is present, the field is disabled and pre-populated with the organization ID, so proceed to the next step.

Install a Component

For this example, we’ll install an Identity and Access Management (IAM) component.

The steps are similar for other components except IAM management. You need to install cloud run based IAM management security perimeter component before installing IAM management. Contact P0 support to skip installing security perimeter.

Contact P0 support to use domain restricted sharing instead of cloud run based security perimeter.

To install an IAM component:

Choose the component you want to install (e.g. IAM management).
Click Add project to install a new project.
Enter your existing GCP project name into the Project identifier field and click Next.
The resulting page will display GCP and Terraform commands to complete the installation.

Provision P0 Access

You can provision P0 IAM management Access using Google Cloud Console Shell or Terraform. For this example, we’ll use the GCP console shell.

You must have access to your project for it to appear in your GCP account. Refer to the Prerequisites for more info.

To provision access using the GCP shell:

Go to your GCP account and select the project you want to provision.
Open Cloud Shell Editor from the left menu, or use the search bar.
Click Open Terminal. This is where you’ll enter your shell commands.
If your browser is logged into multiple Google accounts, enter the command gcloud config set account email@email.com, and replace email@email.com with your account email.
Use the copy button to copy the entire Shell command set.
Paste the commands into the terminal window and press Return.

Return to the configuration page and click Next to begin the installation process.
When the installation completes, click Finish.