Add your Google Cloud Platform environment

You can add a Google Cloud Platform (GCP) project to Sophos Cloud Optix by running the script Sophos provides.

Note

By adding your GCP environment, you authorize Sophos to access information via APIs and collect log data from your environment. Your cloud provider may charge you for this. Contact them for details. See Cloud provider charges.

Before you start

  • You must have billing enabled for your GCP project in your Google account. If billing isn't enabled, for example on a free trial, Google restricts access to APIs that Sophos Cloud Optix needs, and the script will fail.
  • You need to run the Sophos Cloud Optix shell script in the cloud shell from a project with admin access to the GCP projects that you intend to add to Sophos Cloud Optix.
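The two prerequisites above can be checked from Google Cloud Shell before you run the onboarding script. The following is an added example, not part of the Sophos script: the function names are hypothetical, and it assumes that "admin access" means a direct roles/owner binding for your user account on each project.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the "Before you start" requirements.
# Assumption: "admin access" is treated as a direct roles/owner binding.

# Succeeds only if billing is enabled on the project. gcloud prints "True"
# when billing is enabled and may print nothing when it is not.
billing_enabled() {
  local out
  out=$(gcloud billing projects describe "$1" \
          --format='value(billingEnabled)' 2>/dev/null) || return 1
  [ "$out" = "True" ]
}

# Succeeds if the user account has a direct roles/owner binding on the project.
# Roles inherited from a folder or organization, or granted through a group,
# do not appear in the project-level policy and are not detected here.
has_owner_role() {
  local project=$1 account=$2
  gcloud projects get-iam-policy "$project" \
      --flatten='bindings[].members' \
      --filter="bindings.members:user:${account}" \
      --format='value(bindings.role)' 2>/dev/null | grep -qx 'roles/owner'
}

# Prints one result line per project; returns non-zero if any project fails.
preflight() {
  local account=$1 rc=0 p
  shift
  for p in "$@"; do
    if ! billing_enabled "$p"; then
      echo "FAIL $p: billing not enabled"; rc=1
    elif ! has_owner_role "$p" "$account"; then
      echo "FAIL $p: $account has no direct roles/owner binding"; rc=1
    else
      echo "OK $p"
    fi
  done
  return $rc
}

# Usage in Cloud Shell: bash preflight.sh PROJECT_ID [PROJECT_ID...]
if [ "$#" -gt 0 ]; then
  preflight "$(gcloud config get-value account 2>/dev/null)" "$@"
fi
```

A FAIL line for the role check does not prove you lack access if your rights come from a group or from the organization level; confirm those cases in the IAM console.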

Add your GCP environment

Restriction

Sophos Cloud Optix doesn't support private EKS clusters.

A shell script provided by Sophos Cloud Optix creates the service account.

To run the script, do as follows.

  1. Click Add Environments.
  2. Select GCP.

    Add a GCP project using a script in Google Cloud Shell (includes GKE clusters) appears. This helps you create the service account you need.

  3. (Optional) In STEP 2, click Custom settings and select the region where Sophos Cloud Optix will create resources like buckets or functions.

  4. Go to Google Cloud Platform and select the project where you want to create the service account.
  5. Open Google Cloud Shell.
  6. Download the script using the command provided on the GCP tab in Sophos Cloud Optix.
  7. Run the script as shown. The script lets you choose all projects, or select the projects you want to add.

    CUSTOMER_ID=<…> REQUEST_ID=<…> GCPFlowUrl=<…> GCPActivityUrl=<…> bash onboard-gcp.sh

    Note

    Select Include GKE to include Google Kubernetes Engine (GKE) clusters. This provides inventory details, topology visualization, and security best practice checks.

  8. (Optional) Allow Sophos Cloud Optix to access your IAM data.

    Follow the remaining steps shown on the GCP tab. This allows Google Workspace Domain-wide Delegation to the new Sophos Cloud Optix.

    You need to be an admin of the domain associated with the organization in GCP.