# Google Cloud Platform (GCP)

ASM supports GCP integrations to expand the functionality of various ASM capabilities. ASM is capable of identifying a range of exposures and cloud security vulnerabilities.

These and future GCP-focused ASM capabilities can be enabled by following the integration steps below.

# Service Account

ASM integrates into GCP by impersonating a service account in your account. To enable that, you'll need to create a new service account, give it the required IAM permissions within your account, and allow ASM to impersonate this account.

# Custom Role Creation

  1. Log in to your GCP console and navigate to your project

  2. Navigate to the "IAM & Admin" section, and then "Roles"

  3. Click "Create Role"

  4. Enter a Title (e.g., NetSPI ASM), and click "Add Permissions".

  5. In the Add Permissions modal, search for and add the following permissions:

    • compute.instances.list
    • compute.zones.list
    • compute.addresses.list
    • storage.buckets.get
    • storage.buckets.getIamPolicy
    • storage.buckets.list
    • storage.objects.get
    • storage.objects.getIamPolicy
    • storage.objects.list
  6. Click "Create"

# Service Account Creation

  1. Log in to your GCP console and navigate to your project
  2. Navigate to the "IAM & Admin" section, and then "Service Accounts"
  3. Click "Create Service Account" and fill in any required information. Take note of the "Email address" underneath "Service account ID" since you will need this later.
  4. Click "Create and Continue", then
  5. Under the "Grant this service account access to project" heading, add the following roles using the drop-down menus:
    • DNS Reader
    • Cloud Domains Viewer
    • Service Account Token Creator
    • NetSPI ASM (the custom role created in the "Custom Role Creation" section above)
  6. Click "Done"
  7. From the list of service accounts, select the new account you just created, and navigate to the "Permissions" tab
  8. Click "Grant Access"
    • In the "Add principals" section, input netspi-asm-production@asm-production-397420.iam.gserviceaccount.com
    • In the "Assign Roles" section, select the role "Service Account Token Creator"
  9. Click "Save".
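
The following is an added example, not part of the original instructions or of NetSPI's tooling: a check that the custom role holds exactly the permissions listed under "Custom Role Creation" and that only the ASM principal can impersonate the service account. It assumes the role and the service account's IAM policy were exported as JSON with `gcloud iam roles describe` and `gcloud iam service-accounts get-iam-policy`; the sample data is constructed.

```python
import json

# The nine permissions the page lists for the custom role.
EXPECTED_PERMISSIONS = {
    "compute.instances.list", "compute.zones.list", "compute.addresses.list",
    "storage.buckets.get", "storage.buckets.getIamPolicy", "storage.buckets.list",
    "storage.objects.get", "storage.objects.getIamPolicy", "storage.objects.list",
}
# The principal the page grants "Service Account Token Creator" on the account.
ASM_PRINCIPAL = ("serviceAccount:netspi-asm-production"
                 "@asm-production-397420.iam.gserviceaccount.com")
TOKEN_CREATOR = "roles/iam.serviceAccountTokenCreator"


def audit_role(role):
    """Compare a custom role's includedPermissions with the page's list."""
    granted = set(role.get("includedPermissions", []))
    return {"missing": sorted(EXPECTED_PERMISSIONS - granted),
            "extra": sorted(granted - EXPECTED_PERMISSIONS)}


def audit_impersonation(policy):
    """List every member allowed to mint tokens for the service account."""
    members = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == TOKEN_CREATOR:
            members.update(binding.get("members", []))
    return {"asm_can_impersonate": ASM_PRINCIPAL in members,
            "unexpected": sorted(members - {ASM_PRINCIPAL})}


# Constructed sample exports (not real output): the role has drifted from the
# documented list and a second principal has been granted impersonation rights.
SAMPLE_ROLE = {"title": "NetSPI ASM", "includedPermissions": sorted(
    (EXPECTED_PERMISSIONS - {"compute.zones.list"}) | {"storage.objects.delete"})}
SAMPLE_POLICY = {"bindings": [{
    "role": TOKEN_CREATOR,
    "members": [ASM_PRINCIPAL, "user:alice@example.com"]}]}

if __name__ == "__main__":
    print(json.dumps(audit_role(SAMPLE_ROLE), indent=2))
    print(json.dumps(audit_impersonation(SAMPLE_POLICY), indent=2))
```

Any entry under `extra` or `unexpected` widens what the integration, or whoever can impersonate it, is able to read in the project.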

# Enable APIs

  1. Navigate to the GCP console and select your project from the dropdown menu
  2. Click "Enable APIs and Services"
  3. Using the provided user interface, enable the following APIs:
    • Compute Engine API
    • Cloud Resource Manager API
    • Cloud Domains API

# Add Account to ASM

  1. Log into ASM, navigate to Assets > Cloud Accounts and click the + sign in the top right. From there, provide a logical name for the account, the GCP project ID, and the service account email address noted in step 3 of the "Service Account Creation" section above.