Once a user has been invited to OpsCompass, they can add an account to be monitored by OpsCompass, as long as they are an administrator in GCP.
Note: OpsCompass will be provisioned to require only read-only permissions.
1.) Click the "Add Project" button for Google Cloud Platform.
2.) Copy the OpsCompass Service Account information.
Note: We will use this account information in the GCP console in a minute.
3.) Navigate to GCP (https://console.cloud.google.com), click the top drop-down menu, and select the project you would like to add to OpsCompass.
4.) Search for "IAM" and select "IAM & Admin" from the results.
5.) Click the "Grant Access" button. Paste the Service Account information into the "New principals" text field and click "Select a role".
6.) Add the role "Viewer" under "Project" > "Viewer". Click "Save".
7.) To verify that the new role was granted, navigate back to IAM & Admin > IAM within GCP.
monitoring@opscompass.iam.gserviceaccount.com should now be listed with a "viewer" role.
8.) Navigate to the GCP Dashboard for your project, and copy the "Project ID".
9.) Navigate back to OpsCompass, and paste the "Project ID" into the text field. Click the "Connect" button.
OpsCompass will begin to scan the environment. You will see the accounts added to the dashboard, and a compliance score will begin to be assigned as we analyze the resources.
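The check in step 7 can also be run against an exported IAM policy. The following is an added example, not OpsCompass code: it confirms that the service account holds the Viewer role and nothing else. The policy is constructed sample data in the shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`, and the function names are hypothetical.

```python
import json

# Service account named on this page.
MEMBER = "serviceAccount:monitoring@opscompass.iam.gserviceaccount.com"
EXPECTED_ROLE = "roles/viewer"  # the "Project > Viewer" role from step 6

# Constructed sample policy (not real output); user addresses are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "bindings": [
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
    {"role": "roles/viewer", "members": [
      "user:auditor@example.com",
      "serviceAccount:monitoring@opscompass.iam.gserviceaccount.com"
    ]}
  ]
}
""")


def roles_for(policy, member):
    """Return the sorted roles bound to `member`, matching case-insensitively."""
    wanted = member.lower()
    return sorted({
        binding["role"]
        for binding in policy.get("bindings", [])
        if wanted in (m.lower() for m in binding.get("members", []))
    })


def audit(policy, member=MEMBER, expected=EXPECTED_ROLE):
    """Return (ok, findings); ok is True only if member holds exactly `expected`."""
    roles = roles_for(policy, member)
    findings = []
    if expected not in roles:
        findings.append(f"missing {expected}")
    # Any role beyond the expected one exceeds the read-only grant.
    findings += [f"unexpected role {r}" for r in roles if r != expected]
    return (not findings, findings)


if __name__ == "__main__":
    ok, findings = audit(SAMPLE_POLICY)
    print("OK" if ok else "REVIEW", findings)
```

This inspects project-level bindings only; roles inherited from a folder or organization do not appear in the project policy.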
Additional Resources:
How do I connect additional clouds to OpsCompass?
How do I connect an Azure account to OpsCompass?
How do I connect an AWS account to OpsCompass?