Connect a GCP Account
To discover and scan targets in Google Cloud Platform (GCP), connect a GCP source in HostedScan using a service account and its JSON key. This guide walks you through creating the service account in the GCP Console and then adding it in HostedScan.
For HostedScan to discover GCP resources (e.g., Compute Engine instances), the service account needs at least Resource Manager Viewer and Compute Viewer (or Viewer at the org/folder level). Grant only the roles you need for your use case.
1. Create a service account in the GCP Console
-
Open IAM & Admin → Service Accounts in the GCP Console.
-
Select the project where you want to create the service account.
-
Click Create Service Account.
-
Fill in:
- Service account name (e.g.,
hostedscan-discovery) - Service account ID (auto-generated)
- Description (optional)
- Service account name (e.g.,
-
Click Create and Continue.
2. Grant roles to the service account
-
On the next step, add at least the following roles to the service account:
- Resource Manager Viewer (at the organization, folder, or project level as appropriate)
- Compute Viewer
-
Click Continue.
The new service account will appear in the service accounts list.
3. Create a JSON key for the service account
-
In IAM & Admin → Service Accounts, click the service account you created.
-
Open the Keys tab.
-
Click Add Key → Create new key.
-
Select JSON.
-
Click Create.
A JSON credentials file downloads to your machine. Keep this file secure and do not commit it to version control.
4. Connect GCP in HostedScan
-
In HostedScan, go to Integrations and add a GCP source.
-
Enter a display name (e.g., “Production GCP”).
-
Paste the entire contents of the downloaded JSON key file into the Service account JSON key field.
-
Click Connect GCP.
HostedScan will validate the key and use it to discover targets (e.g., Compute instances) according to the roles you granted. You can then run scans against those targets from your HostedScan dashboard.