Skip to main content

Connect a Google Cloud Account

To discover and scan targets in Google Cloud, connect a Google Cloud source in HostedScan using a service account and its JSON key. This guide walks you through creating the service account in the Google Cloud Console and then adding it in HostedScan.

HostedScan requirements

For HostedScan to discover Google Cloud resources (e.g., Compute Engine instances), the service account needs at least Resource Manager Viewer and Compute Viewer (or Viewer at the org/folder level). Grant only the roles you need for your use case.

1. Create a service account in the Google Cloud Console

  1. Open IAM & Admin → Service Accounts in the Google Cloud Console.

  2. Select the project where you want to create the service account.

  3. Click Create Service Account.

  4. Fill in:

    • Service account name (e.g., hostedscan-discovery)
    • Service account ID (auto-generated)
    • Description (optional)

  5. Click Create and Continue.

2. Grant roles to the service account

  1. On the next step, add at least the following roles to the service account:

    • Resource Manager Viewer (at the organization, folder, or project level as appropriate)
    • Compute Viewer

  2. Click Continue.

The new service account will appear in the service accounts list.

3. Create a JSON key for the service account

  1. In IAM & Admin → Service Accounts, click the service account you created.

  2. Open the Keys tab.

  3. Click Add KeyCreate new key.

  4. Select JSON.

  5. Click Create.

A JSON credentials file downloads to your machine. Keep this file secure and do not commit it to version control.

4. Connect Google Cloud in HostedScan

  1. In HostedScan, go to Integrations and add a Google Cloud source.

  2. Enter a display name (e.g., “Production Google Cloud”).

  3. Paste the entire contents of the downloaded JSON key file into the Service account JSON key field.

  4. Click Connect Google Cloud.

HostedScan will validate the key and use it to discover targets (e.g., Compute instances) according to the roles you granted. You can then run scans against those targets from your HostedScan dashboard.