Docs
HomeGitHubSign Up
Start typing to search…

Onboard GCP

Overview

ARMO’s GCP CSPM integration enables secure, continuous discovery and assessment of your Google Cloud environment’s security posture. By establishing a dedicated GCP Service Account with scoped, read-only permissions, ARMO can ingest cloud resource configurations, IAM and policy data, and audit logs. Once connected, ARMO continuously analyzes these data points to identify misconfigurations, compliance gaps, and risky exposures — surfacing actionable findings within the ARMO platform to help you reduce cloud risk and enhance your security posture.

Why Connect My GCP Cloud?

Securing your Google Cloud infrastructure is essential to protecting your workloads, applications, and data. ARMO provides deep visibility into your GCP resources and continuously assesses them for risks and compliance gaps.

By connecting your GCP project, ARMO will:

  • Detect high-impact misconfigurations across your GCP environment, including Compute Engine, Storage, IAM, and GKE.
  • Continuously ingest and analyze GCP Audit Logs to power Cloud Detection and Response (coming soon), providing visibility into user actions, API calls, and potential threats.
  • Provide actionable insights to harden your GCP workloads without unnecessary alert fatigue.
📘

Cloud Compliance

View all compliance checks performed on your GCP environment under Compliance → Cloud.

📘

Cloud Detection and Response (Coming soon)

Monitor detected incidents and suspicious activity under Runtime Incidents.

What Happens After You Connect?

Once your GCP environment is connected:

  • ARMO automatically scans your projects for misconfigurations and compliance violations.
  • Daily scans are scheduled automatically.
  • Findings are enriched with context about impacted resources, severity, and remediation steps.

Available Onboarding Methods

Onboarding OptionDescriptionRecommended for
Onboard GCP ProjectConnect a single GCP project using a Service Account with read-only IAM roles and API access.Most customers and small-to-mid size environments.

Prerequisites

Before onboarding, ensure:

  • You have Owner or IAM Admin permissions in the GCP project (or organization).
  • You have access to the Google Cloud Console and the ARMO Platform with permission to connect new cloud environments.
  • Network connectivity from ARMO to Google Cloud APIs (HTTPS / port 443).

Onboarding Methods

Choose the guide based on your setup:

👉 Onboard a GCP Project (Service account-based onboarding)

After Onboarding

Once your GCP environment is connected:

  • ARMO begins automated discovery of GCP resources.
  • Connected projects appear under Settings → Accounts → GCP in the ARMO Platform.
  • Compliance findings and misconfiguration results typically populate within 60 minutes.

Updated 8 days ago