Skip to main content
All CollectionsIntegrations
Connect (GCP) Google Cloud Platform to Drata
Connect (GCP) Google Cloud Platform to Drata

Connect the GCP provider which is considered an access review (UAR) or infrastructure connection type to Drata.

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago

You can integrate Google Cloud Platform (GCP) to Drata available under Access Review and Infrastructure connection type on Connections page. Connect GCP to sync data for access review features or to automate monitoring and evidence collection for the infrastructure security controls required for compliance.

You can now automatically collect evidence for a number of monitoring tests and continuously ensure your GCP environment meets compliance standards with Drata.

Learn more about setting up and connecting GCP to Drata.

Prerequisites

  • Ensure the Google Workspace account has Super admin privileges and is linked to the company's GCP account and that the Google Workspace Super Admin account email has the same email as GCP organization administrator email.

    • If this account does not exist, the Drata cannot retrieve MFA on your GCP IAM users (Test 88 - MFA on Infrastructure Console).

  • Ensure that the GCP account that is connecting GCP to Drata has an owner role and GCP Organization Administrator (resourcemanager.organizationAdmin) at project level or organizational level.

    • Project level: Connect each GCP project within an organization. For more information on migrating projects to an organization, go to Moving a project.

    • Organizational level: Connect the GCP organization. This is the recommended approach.

Enable (GCP) Google Cloud Platform

  1. Select Connections on the side navigation menu.

  2. Select the Available connections tab, search for GCP, and select Connect.

    • GCP is available under both Access review and Infrastructure. In the GCP connection drawer, you can enable either type.

  3. Follow the instructions on the connection drawer. The following sections cover the instructions on the connection drawer.

Step 1: Connect your Google Cloud Platform (GCP)

You have two ways to connect your GCP. You can either connect using a script or connect manually. It is recommended to connect using a script.

Connect using a script (Recommended)

Download and run both of the following scripts:

Connect manually

Go to Manually connect GCP for step by step instructions.

Step 2: Provision domain wide delegation client

Note: If you completed the manually connected GCP, you already completed this step.

This step can be completed after establishing the connection in Drata. If you fail to do it, the MFA test for GCP will fail. Full instructions can be found here (the last section of the help document).

Step 3: Upload JSON key

If you connected using the scripts, ensure to upload the JSON key generated.

If you connected manually, upload the file which is download onto your machine on step 6 in the following section: GCP Connection Details | Drata Help Center.

Enable connection types

You can enable Infrastructure or User Access Review.

Monitoring tests covered

Note: These tests are only related if you enabled infrastructure on the connection drawer.

  • Test 4: SSL/TLS on Admin Page of Infrastructure Console

  • Test 30: Availability Zones Used

  • Test 68: Customer Data is Encrypted at Rest

  • Test 69: Customer Data in Cloud Storage is Encrypted at Rest

  • Test 88: MFA on Infrastructure Console

  • Test 95: Infrastructure Accounts Properly Removed

  • Test 98: Employees have Unique Infrastructure Accounts

  • Test 102: Public SSH Denied

  • Test 104: Cloud Data Storage Exposure

  • Test 107: Daily Database Backups

  • Test 108: Storage Data Versioned or Retained

  • Test 112: Database CPU Monitored

  • Test 118: Infrastructure Instance CPU Monitored

  • Test 119: Firewall Default Disallows Traffic

  • Test 122: Web Application Firewall in Place

  • Test 123: Cloud Infrastructure Linked to Drata

  • Test 130: Load Balancer Used

Additional Resources

Did this answer your question?