Google Cloud Platform Integration

The Google Cloud Platform (GCP) integration allows you to connect your GCP projects to Comp AI for automated compliance monitoring, and risk assessment.

Setup Process

Prerequisites

Before setting up the integration, ensure you have:
  1. GCP project with Owner or Editor access
  2. Admin access to your Comp AI workspace
  3. Permissions to create service accounts

Configuration Steps

  1. Navigate to Settings > Integrations in your Comp AI dashboard
  2. Click on Connect next to the GCP integration card
  3. Link Service Account
    • Go to the GCP Console → IAM & Admin → Service Accounts
    • Click “Create Service Account” and give it a name like comp-ai-integration
    • Click Continue, then grant the following roles:
      • Security Center Findings Viewer (roles/securitycenter.findingsViewer)
      • (Optional) Viewer (roles/viewer)
    • Complete the service account creation
    • After creating the service account:
      • Go to the “Keys” tab
      • Click “Add Key” → “Create new key”, select JSON, then click Create
      • Download the key — you’ll use this in the next step
    • Go to the API Library and enable:
      • Security Command Center API
      • Cloud Resource Manager API
    • Open the downloaded JSON file, and copy its entire contents
    • Paste it into the Service Account Key field in the Comp AI connection form
  4. Click Save and Connect

Capabilities

Security Tests

The GCP integration performs the following security assessments:
Test CategoryDescription
IAM AnalysisReview IAM roles and service account permissions
GCS SecurityIdentify improperly configured bucket permissions and encryption
Compute SecurityAnalyze firewall rules, instance configurations, and patch status
Database SecurityCheck Cloud SQL, Firestore, and other database security settings
Cloud LoggingVerify proper logging and monitoring configuration
KMSValidate encryption key usage and rotation policies
NetworkAssess VPC configurations, firewall rules, and load balancer settings

Compliance Frameworks

The integration checks compliance against:
  • CIS GCP Foundation Benchmark
  • SOC 2
  • HIPAA (where applicable)
  • PCI DSS
  • GDPR
  • ISO 27001

Managing Access

Access Control

Comp AI requires read-only access to your GCP environment. The integration uses a service account with specific IAM roles that follow the principle of least privilege.

Permissions

The service account has the following roles:
  • Viewer (roles/viewer) at project level
  • Security Reviewer (roles/iam.securityReviewer)
  • Storage Object Viewer (roles/storage.objectViewer)
The integration does NOT have permissions to:
  • Modify any resources
  • Create new resources
  • Delete existing resources

Troubleshooting

Common Issues

Issue: Failed to connect GCP project
Solution: Verify organization id and service account key and IAM permissions Issue: Missing scan results for specific services
Solution: Check IAM permissions for those specific services Issue: Authentication errors
Solution: Ensure the service account key is valid and not expired

Support

For additional assistance with your GCP integration:
  1. Check our Knowledge Base
  2. Contact support at [email protected]
  3. Join our Discord community for peer support