Cloud

Connect Google Cloud

Authenticates a read-only service account (JWT-bearer) to read Cloud Resource Manager + Compute inventory and Security Command Center findings — feeding Security Readiness and Cloud Health.

What you'll need

A service account JSON key with roles/viewer on the project. For Security Command Center findings, also grant roles/securitycenter.findingsViewer at the ORGANIZATION level and provide the organization ID. The Compute and SCC APIs may need enabling in the project.

Credential

Service account key (Viewer + SCC Findings Viewer)

Requested scopes

roles/viewer, roles/securitycenter.findingsViewer

Powers

Security Readiness, Cloud Health

What it pulls

Project info + Compute instance inventory, and (with an organization ID) Security Command Center active findings bucketed by severity.

What you’ll enter

The exact fields the connect form asks for — and where to find each value.

Service account key (JSON)
Cloud Console → IAM & Admin → Service Accounts → your account → Keys → Add key → JSON. Open the downloaded file and paste ALL of it here.
Organization ID (for Security Command Center)optional
Only for security findings. IAM & Admin → Settings (or run `gcloud organizations list`). A number like 123456789012.
Project ID (defaults to the key's project)optional
Leave blank to use the key’s own project — only set this to target a different project.

Step-by-step setup

  1. 1

    Create a service account

    Cloud Console → IAM & Admin → Service Accounts → Create service account (e.g. shipready-metrics).

  2. 2

    Grant Viewer on the project

    Grant roles/viewer (Viewer) on the project — that covers Cloud Resource Manager + Compute inventory.

  3. 3

    Optional — SCC Findings Viewer at the org level

    For Security Command Center findings, grant roles/securitycenter.findingsViewer to the service account at the ORGANIZATION level (Organization IAM), not the project. Skip this if you don't need findings.

  4. 4

    Create and download a JSON key

    Open the service account → Keys → Add key → Create new key → JSON. A key file downloads — it's shown once.

  5. 5

    Paste the key + optional org ID

    Open the file, copy ALL of its contents, and paste into Service account key (JSON). For SCC, also enter your Organization ID (IAM & Admin → Settings, or `gcloud organizations list`). Project ID defaults to the key’s project.

  6. 6

    Connect

    Click Connect — we validate via Resource Manager (enabling Compute/SCC APIs as needed), then sync inventory + findings.

Create a service account → Connect in the app

Read-only service-account key, RS256 JWT-signed → OAuth token. Validated via Resource Manager, then Compute + Security Command Center. Feeds Security Readiness + Cloud Health.