Google Cloud Platform (GCP)

Connect Sola and GCP to get security insights

Overview

The Google Cloud Platform (GCP) integration connects data from your GCP account to your Sola workspace, making it easy to search and find answers to your specific use cases.

The GCP integration gives you a complete view of your GCP environment, allowing you to monitor and analyze GCP security posture and potential threats.

With the GCP integration, you can:

  • Ensure cloud security best practices

  • Gain full visibility into your cloud resources

  • Identify security risks across your cloud environment

No hidden indirect cloud provider charges: the Sola integration won’t use resources that increase your cloud costs.

Set up GCP data source integration with Sola

Go to Integrations > Data Sources > click New data source > select GCP.

The Sola wizard will take you through the steps.

Connect GCP Single Project to Sola

To connect GCP, you'll need a GCP account with the necessary permissions to create a service account.

Connect a single GCP project.

Recommended for secure, production environments. These methods utilize a GCP Service Account within your project to securely grant Sola read-only access to your GCP services and resources.

  • Service Account Key (Recommended)

  • Terraform

The setup script, provided in the Sola wizard, creates the relevant resources needed for accessing GCP data and extracting it to Sola:

  1. Creating service account - Creates a service account in the project and binds it to the roles: viewer, iam.securityReviewer, cloudasset.viewer

  2. Enabling services - Enables the following APIs: admin, alloydb, apikeys, appengine, bigquery, bigtableadmin, cloudasset, cloudbilling, cloudfunctions, cloudkms, cloudresourcemanager, cloudscheduler, composer, compute, container, dataplex, dataproc, dns, file, groupssettings, iam, logging, metastore, recommender, redis, run, secretmanager, servicemanagement, serviceusage, spanner, storage, vpcaccess

  3. Creating service account key - Temporarily disables the iam.disableServiceAccountKeyCreation org policy, waits for propagation, creates the key, then re-enables the policy

For troubleshooting, see setup script common errors below.
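To confirm that the service account holds only the three roles listed in step 1, the following added example (not part of the Sola setup script) audits an IAM policy exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`. The service account email, the sample policy and the mapping of the listed role names to `roles/...` identifiers are assumptions made for illustration.

```python
import json

# Roles the page lists for the setup script, written as predefined role IDs
# (assumption: "viewer" on the page means roles/viewer, and so on).
EXPECTED_ROLES = {
    "roles/viewer",
    "roles/iam.securityReviewer",
    "roles/cloudasset.viewer",
}

# Hypothetical service account email; use the one the wizard created.
SA_EMAIL = "sola-reader@example-project.iam.gserviceaccount.com"

# Constructed sample in the shape of `get-iam-policy --format=json` output.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/viewer",
   "members": ["user:admin@example.com", "serviceAccount:sola-reader@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/iam.securityReviewer",
   "members": ["serviceAccount:sola-reader@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/cloudasset.viewer",
   "members": ["serviceAccount:sola-reader@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/storage.objectAdmin",
   "members": ["serviceAccount:sola-reader@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/editor", "members": ["user:admin@example.com"]}
]}
""")


def audit_service_account(policy, sa_email):
    """Compare the roles bound to sa_email against EXPECTED_ROLES."""
    member = f"serviceAccount:{sa_email}"
    granted = {
        binding["role"]
        for binding in policy.get("bindings", [])
        if member in binding.get("members", [])
    }
    return {
        "unexpected": sorted(granted - EXPECTED_ROLES),  # beyond read-only set
        "missing": sorted(EXPECTED_ROLES - granted),     # setup incomplete
        "ok": granted == EXPECTED_ROLES,
    }


if __name__ == "__main__":
    print(json.dumps(audit_service_account(SAMPLE_POLICY, SA_EMAIL), indent=2))
```

A project-level policy export shows only bindings set on that project, so roles inherited from a folder or the organization need the same check run against those policies.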

Troubleshooting Single Project setup script common errors

| Error Code | Description | Resolution |
| --- | --- | --- |
| MISSING_PERMISSIONS | Your GCP account lacks a required IAM permission. | Ensure all required roles are assigned to your account and re-run the script: Project Owner or Editor, Organization Policy Administrator. |
| RESOURCE_NOT_FOUND | A required GCP resource does not exist or is not visible to you. | Verify the project ID in the GCP Console and re-run the script. |
| RESOURCE_EXISTS | A resource with the requested name already exists. | Re-run the script (a new random name will be generated). |
| QUOTA_EXCEEDED | A GCP quota limit has been reached (e.g. max service accounts per project). | Delete unused resources or request a quota increase in the GCP Console, then re-run. |
| BILLING_DISABLED | Billing is not enabled on the selected project. | Enable billing at https://console.cloud.google.com/billing and re-run. |
| UNAUTHENTICATED | The gcloud CLI is not authenticated. | Run gcloud auth login and try again. |
| POLICY_BLOCKED | An organization policy is blocking the operation (e.g. key creation policy enforced at a parent level). | Check organization policies in the GCP Console or contact your org admin and try again. |
| PROPAGATION_TIMEOUT | A GCP change did not propagate within the expected time window. | Wait a few minutes and try again. |
| UNEXPECTED_ERROR | An unexpected error occurred. | Try again. Contact Sola support if the issue persists. |

Connect GCP Organization to Sola

To connect GCP, you'll need a GCP account with the necessary permissions to create a service account.

Connect at the organization level to manage multiple GCP projects through a single integration. Available on custom plans.

This method utilizes a GCP Service Account at the organization root to securely grant Sola read-only access to your GCP services and resources across all projects.

  • Service Account Key

The setup script, provided in the Sola wizard, creates the relevant resources needed for accessing GCP data and extracting it to Sola:

  1. Enabling services: admin, alloydb, apikeys, appengine, bigquery, bigtableadmin, cloudasset, cloudbilling, cloudfunctions, cloudkms, cloudresourcemanager, cloudscheduler, composer, compute, container, dataplex, dataproc, dns, file, groupssettings, iam, logging, metastore, recommender, redis, run, secretmanager, servicemanagement, serviceusage, spanner, storage, vpcaccess

  2. Creating a service account in the provided Sola project

  3. Binding the service account roles at organization root

  4. Creating a deny policy for each excluded project or folder, if applicable

  5. Creating a service account key

For troubleshooting, see setup script common errors below.

Troubleshooting GCP Organization setup script common errors

Use the table below to troubleshoot errors returned in your GCP console by the setup script.

| Error code | Description | Resolution |
| --- | --- | --- |
| MISSING_PERMISSIONS | Your GCP account lacks a required IAM permission. | Ensure all required roles are assigned to your account and re-run the script: Organization Administrator, Organization Policy Administrator, Billing Account Administrator, Deny Admin (if excluded projects/folders are specified). |
| RESOURCE_NOT_FOUND | A required GCP resource does not exist or is not visible to you. | Verify the ID in the GCP Console and re-run the script. |
| RESOURCE_EXISTS | A resource with the requested name already exists. | Re-run the script. |
| QUOTA_EXCEEDED | A GCP quota limit has been reached. | Delete unused resources or request a quota increase in the GCP Console. |
| BILLING_DISABLED | Billing is not enabled on the selected project. | |
| UNAUTHENTICATED | The gcloud CLI is not authenticated. | Run gcloud auth login and try again. |
| POLICY_BLOCKED | An organization policy is blocking the operation. | Check organization policies in the GCP Console or contact your org admin and try again. |
| PROPAGATION_TIMEOUT | A GCP change (service account creation or policy update) did not propagate within the expected time window. | Wait a few minutes and try again. |
| UNEXPECTED_ERROR | An unexpected error occurred. | Try again and contact Sola Support if the issue persists. |

Get started with GCP-focused security apps, built by our expert team.

Explore the app gallery for GCP apps
