
Google Cloud Platform proof types

Note

Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance meeting the requirements to integrate with Hyperproof and collect the proof you need.

When you create a Hypersync between Hyperproof and Google Cloud Platform (GCP), you can automatically collect proof based on:

  • Cloud Storage

    • Bucket Versioning

    • Bucket Replication

    • Bucket Encryption

    • Bucket Settings

    • Bucket Lifecycle Rules

    • Bucket Retention Lock Settings

  • Compute Engine

    • Firewall Rules

    • List of Running Instances

    • List of Snapshots

    • List of Images

    • List of Instance Groups

    • Minimum TLS Version

    • Persistent Disk Encryption

  • Identity and Access Management (IAM)

    • Project members

    • Custom Project Roles

  • Kubernetes Engine

    • List of Clusters

    • List of Pod Security Policies

    • List of Workloads

  • SQL

    • Backup Configuration

    • Backup Runs

  • VPC

    • List of Subnets

      Note

      Requires the compute.subnetworks.list permission. Additionally, to view the linked webpage in the proof, compute.networks.list and compute.networks.get are also needed.

    • List of Networks

Important

For the Hypersync to work, the following resources also have to be enabled in the GCP Project: Compute Engine API, Cloud Resource Manager API, and Identity and Access Management (IAM) API. These are project-level settings, and they can be found by searching in GCP. It’s highly recommended that these settings be turned on prior to creating the Hypersync; otherwise, an unspecified error may occur.

Additional documentation

The Google Cloud Platform Hypersync can be used to collect data from a single project or all projects within an organization or resource folder.

Note

You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need. Additionally, you can create multiple Hypersyncs for a single control or label.

Using the JSON private key file

During the connection process, you need to copy and paste your JSON private key file. If you don’t have a JSON private key file, follow the steps below. Note that creating a private key file requires Service Account Admin access (roles/iam.serviceAccountAdmin). If you don’t have access, contact your organization’s GCP administrator.

  1. Open GCP.

  2. From the left navigation menu, mouse over IAM & Admin and select Service Accounts.

  3. Click Create Service Account.

  4. Name the account.

  5. Assign the account the roles of Security Reviewer and Cloud Asset Service Agent, and then click Continue.

  6. Optionally, add additional users to grant them permissions within the service account.

  7. Click Done, and then click the service account you just created.

  8. Select the Keys tab.

  9. Click Add Key, and then select Create new key.

  10. Select the JSON radio button, and then click Create. The JSON file is automatically downloaded to your computer.
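Before pasting the key into Hyperproof, the prerequisites above (the three enabled APIs, the two roles, and a well-formed service account key) can be checked offline. The script below is an added example, not part of the Hyperproof documentation. It assumes the single-project case, that the role and service IDs shown correspond to the display names on this page, and that the inputs are the JSON output of `gcloud projects get-iam-policy` and `gcloud services list --enabled`. `preflight` is a hypothetical helper, and the sample inputs are constructed.

```python
import json

# Role and service IDs assumed for the display names used on this page.
REQUIRED_ROLES = {"roles/iam.securityReviewer", "roles/cloudasset.serviceAgent"}
REQUIRED_APIS = {"compute.googleapis.com", "cloudresourcemanager.googleapis.com",
                 "iam.googleapis.com"}
KEY_FIELDS = {"type", "project_id", "private_key_id", "private_key", "client_email"}


def preflight(key_json, policy_json, services_json):
    """Return a list of problems; an empty list means the prerequisites are met."""
    problems = []
    key = json.loads(key_json)
    missing = KEY_FIELDS - set(key)
    if missing:
        problems.append("key file missing fields: " + ", ".join(sorted(missing)))
    if key.get("type") != "service_account":
        problems.append("key file is not a service account key")
    member = "serviceAccount:" + key.get("client_email", "")
    granted = {b["role"] for b in json.loads(policy_json).get("bindings", [])
               if member in b.get("members", [])}
    for role in sorted(REQUIRED_ROLES - granted):
        problems.append("role not granted: " + role)
    for role in sorted(granted - REQUIRED_ROLES):  # added least-privilege check
        problems.append("role beyond the two on this page (review): " + role)
    enabled = {s.get("config", {}).get("name") for s in json.loads(services_json)}
    for api in sorted(REQUIRED_APIS - enabled):
        problems.append("API not enabled: " + api)
    return problems


# Constructed sample inputs (not real credentials or project data).
SA = "hypersync@example-project.iam.gserviceaccount.com"
SAMPLE_KEY = json.dumps({
    "type": "service_account", "project_id": "example-project",
    "private_key_id": "0000", "private_key": "CONSTRUCTED-PLACEHOLDER",
    "client_email": SA})
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/iam.securityReviewer", "members": ["serviceAccount:" + SA]},
    {"role": "roles/editor", "members": ["serviceAccount:" + SA]}]})
SAMPLE_SERVICES = json.dumps([
    {"config": {"name": "compute.googleapis.com"}, "state": "ENABLED"},
    {"config": {"name": "iam.googleapis.com"}, "state": "ENABLED"}])

if __name__ == "__main__":
    for problem in preflight(SAMPLE_KEY, SAMPLE_POLICY, SAMPLE_SERVICES):
        print("FAIL:", problem)
```

When the roles are granted at the organization or folder level instead, run the same check against that policy rather than the project's.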