Google Cloud Platform proof types
Note
Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance in meeting the requirements to integrate with Hyperproof and collect the proof you need.
When you create a Hypersync between Hyperproof and Google Cloud Platform (GCP), you can automatically collect the following proof types:
Google Cloud Platform notes on proof types
Compute Engine
List of Disk Encryption Settings
Note
Requires the compute.disks.list permission.
Kubernetes Engine
List of Pod Security Policies
Note
This proof type is compatible only with Kubernetes version 1.22 or higher. If you use a lower version of Kubernetes, the proof will not be generated.
Kubernetes has deprecated PodSecurityPolicies in version 1.21. See this Kubernetes article for information on migrating from PodSecurityPolicies to the built-in PodSecurity admission controller. Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller.
VPC
List of Subnets
Note
Requires the compute.subnetworks.list permission. Additionally, to view the linked webpage in the proof, compute.networks.list and compute.networks.get are also needed.
List of Networks
Note
Requires the compute.networks.list permission.
Important
For the Hypersync to work, the following resources also have to be enabled in the GCP Project: Compute Engine API, Cloud Resource Manager API, and Identity and Access Management (IAM) API. These are project-level settings, and they can be found by searching in GCP. It’s highly recommended that these settings be turned on prior to creating the Hypersync otherwise an unspecified error may occur.
Additional documentation
The Google Cloud Platform Hypersync can be used to collect data from a single project or all projects within an organization or resource folder.
Note
You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need. Additionally, you can create multiple Hypersyncs for a single control or label.
Connection configuration
During the connection process, you need to copy and paste your JSON private key file. If you don’t have a JSON private key file, follow the steps below. Note that creating a private key file requires Service Account Admin access (roles/iam.serviceAccountAdmin
). If you don’t have access, contact your organization’s GCP administrator.
Open GCP.
From the left navigation menu, hover over IAM & Admin and select Service Accounts.
Click Create Service Account.
Name the account.
Assign the account the roles of Security Reviewer and Cloud Asset Service Agent, then click Continue.
Optionally, add additional users to grant them permissions within the service account.
Click Done, and then click the service account you just created.
Select the Keys tab.
Click Add Key, and then select Create new key.
Select the JSON radio button, then click Create. The JSON file is automatically downloaded to your computer.