Connecting GCP
To scan your Google Cloud environment, you need to provide Service Account credentials with read-only access to the projects you want to monitor.
Prerequisites
- A GCP account with permission to create Service Accounts
- At least one GCP project you want to scan
- The following ready:
  - A Service Account with the Viewer role
  - The Service Account's JSON key file or credentials
Step 1: Create a Service Account
If you don't already have a dedicated Service Account:
- Go to Google Cloud Console → IAM & Admin → Service Accounts
- Click Create Service Account
- Name it (e.g., "amnify-scanner")
- Click Create and Continue
Step 2: Assign the Viewer Role
- In the Grant this service account access step, add the Viewer role
- Click Continue and then Done
Tip: The Viewer role provides the read-only access needed for security scanning. Amnify does not require write access to your GCP resources.
Step 3: Create a Key
- Open the Service Account you just created
- Go to the Keys tab
- Click Add Key → Create new key
- Select JSON format
- Click Create — the key file downloads automatically
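Steps 1 to 3 above can also be done with the gcloud CLI. The script below is an added example, not Amnify's own tooling: the function names and the `DRY_RUN` switch are invented for illustration, and the project IDs and key path you pass in are your own values. It grants Viewer on every target project in one pass and restricts the downloaded key file to its owner.

```shell
#!/usr/bin/env bash
# CLI equivalent of Steps 1-3 (example code; names here are illustrative).
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 executes them.
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# sa_email NAME HOST_PROJECT -> e-mail address GCP assigns to the account
sa_email() {
  printf '%s@%s.iam.gserviceaccount.com' "$1" "$2"
}

# connect_gcp_scanner HOST_PROJECT KEY_FILE TARGET_PROJECT...
connect_gcp_scanner() {
  if [ "$#" -lt 3 ]; then
    echo "usage: connect_gcp_scanner HOST_PROJECT KEY_FILE TARGET_PROJECT..." >&2
    return 2
  fi
  host="$1"; key_file="$2"; shift 2
  email="$(sa_email amnify-scanner "$host")"

  # Step 1: create the dedicated service account in the host project.
  run gcloud iam service-accounts create amnify-scanner \
    --project="$host" --display-name="amnify-scanner" || return 1

  # Step 2: grant Viewer on each project to be scanned. A project missed
  # here is one that will not be discovered or will scan only partially.
  for project in "$@"; do
    run gcloud projects add-iam-policy-binding "$project" \
      --member="serviceAccount:${email}" --role="roles/viewer" \
      --condition=None || return 1
  done

  # Step 3: create the JSON key (JSON is the default key type).
  run gcloud iam service-accounts keys create "$key_file" \
    --iam-account="$email" || return 1

  # The key is a long-lived credential: make it readable by its owner only.
  run chmod 600 "$key_file"
}
```

Source the file and call `connect_gcp_scanner <host-project> <key-file> <target-project>...` to review the commands, then repeat with `DRY_RUN=0` to apply them.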
Step 4: Add the Integration in Amnify
- Navigate to Integrations and click Create integration
- Select GCP as the provider
- Fill in the credentials from your Service Account key
- Optionally set a Display Name
- Click Next
- Amnify discovers your projects — toggle on the ones you want to scan
- Click Finish
What Happens Next
Once connected, you can:
- Run a scan against your GCP projects
- Set up a schedule for automatic scanning
- View results on the Dashboard
Troubleshooting
| Issue | Cause | Solution |
|---|---|---|
| No projects discovered | Service Account lacks Viewer access | Assign Viewer role on target projects |
| Authentication failed | Invalid or expired key | Create a new JSON key for the Service Account |
| Partial scan results | Viewer role missing on some projects | Ensure the Service Account has Viewer access on all target projects |