Overview

Integrating with Google Cloud Platform allows Bridgecrew to perform scans using read-only API calls. This integration is done using a Terraform template.

You can use the output of terraform plan to view details of the resources before they are created. The resources that will be created as part of this integration are:

• Google project service
• Service account with the viewer role
• Service account credential
• Notification to Bridgecrew for the integration

How to Integrate

Part 1 - In Bridgecrew

1. From Integrations Catalog, under Cloud Providers, select GCP.

2. Review the prerequisites by make sure you have:

• A valid GCP credentials file
• Terraform version 0.12 installed
• The curl command-line tool (installed on the same instance running terraform)
  Then click Next.

3. Enter a name for your token and add a description (Optional), then select Create.
   Note: Tokens are specific per user and enforce the role and permission assigned to that user within the organization.

4. Save the API Token, then select Next. (The Token will not be available later.)

5. Review your configuration and copy the Terraform module code.

Part 2 - In Terraform

1. Paste the module you copied into your Terraform file. If you are creating a new GCP-terraform deployment file, add a provider block with the name of your credentials file and project as shown below.

provider "google" {
 credentials = file("credentials.json")
 project     = "my_project"
}
 
module "bridgecrew-read" {
  source                     = "bridgecrewio/bridgecrew-gcp-read-only/google"
  org_name               = "my_org"
  bridgecrew_token = "b4667191-6e30-5489-bbb8-030c3f7772eb"
}

📘

Note

Do not change the values of source, org_name and bridgecrew_token.

2. Run terraform init.
3. Run terraform apply.

Part 3 - In Bridgecrew.

Select Done.
Note: after the next Terraform run, the integration details will appear in the Integrations grid; for further details, see here.