Add your Google Cloud Platform environment

You can add a Google Cloud Platform (GCP) project to Sophos Cloud Optix by running the script Sophos provides.

Note: By adding your GCP environment, you authorize Sophos to access information via APIs and collect log data from your environment. Your cloud provider may charge you for this. See Cloud provider charges or contact your provider for details.

Before you start:

  • You must have billing enabled for your GCP project in your Google account. If billing isn't enabled, for example on a free trial, Google restricts access to APIs that Sophos Cloud Optix needs, and the script will fail.
  • You need to create a read-only service account in a GCP project or projects.
  • You need to run the Sophos Cloud Optix shell script in the cloud shell from a project with admin access to the GCP projects that you intend to add to Sophos Cloud Optix.

You create the service account by running the shell script provided in Sophos Cloud Optix.

  1. Go to Settings and click Add Environments.
    Add your cloud environment appears.
  2. Select GCP.

    Add a GCP project using a script in Google Cloud Shell (includes GKE clusters) appears. This helps you create the service account you need.

  3. Go to Google Cloud Platform and select the project where you want to create the service account.
  4. Open Google Cloud Shell.
  5. Download the script using the command provided on the GCP tab in Sophos Cloud Optix.
  6. Run the script as shown. The script lets you choose all projects, or select the projects you want to add.

    CUSTOMER_ID=<…> REQUEST_ID=<…> GCPFlowUrl=<…> GCPActivityUrl=<…> bash

    Note: Select Include GKE to include GKE clusters. This provides inventory details, topology visualization, and security best practice checks.
  7. Allow Sophos Cloud Optix to access your IAM data (optional).

    Follow the remaining steps shown on the GCP tab. This allows Google Workspace Domain-wide Delegation to the new Sophos Cloud Optix.

    You need to be an admin of the domain associated with the organization in GCP.
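
After the script finishes, you can confirm that the service account it created is read-only, as the prerequisites require. The following Python is an added example, not part of the Sophos documentation or script; it audits the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`. The service account address, the sample policy and the role-name heuristics are assumptions, because the page does not list the roles the script grants.

```python
import json

# Assumption: basic roles accepted as read-only without further review.
READ_ONLY_ROLES = {"roles/viewer", "roles/browser"}
# Heuristic name endings/fragments; a role name is not a permission guarantee.
READ_SUFFIXES = ("viewer", "reader", "reviewer")
WRITE_HINTS = ("admin", "owner", "editor", "writer", "creator")

def roles_for_member(policy, member):
    """Return the sorted roles that an IAM policy dict binds to `member`."""
    return sorted({b["role"] for b in policy.get("bindings", [])
                   if member in b.get("members", [])})

def audit_service_account(policy, sa_email):
    """List (role, verdict) pairs for roles that do not look read-only."""
    findings = []
    for role in roles_for_member(policy, f"serviceAccount:{sa_email}"):
        name = role.rsplit("/", 1)[-1].lower()
        if any(hint in name for hint in WRITE_HINTS):
            findings.append((role, "write-capable"))
        elif role not in READ_ONLY_ROLES and not name.endswith(READ_SUFFIXES):
            findings.append((role, "review"))
    return findings

# Hypothetical service account address; use the one the script reports.
SAMPLE_SA = "optix-readonly@example-project.iam.gserviceaccount.com"
# Constructed sample policy, shaped like the gcloud JSON output.
SAMPLE_POLICY = json.loads("""
{"version": 1, "bindings": [
  {"role": "roles/viewer",
   "members": ["serviceAccount:%(sa)s", "user:alice@example.com"]},
  {"role": "roles/iam.securityReviewer", "members": ["serviceAccount:%(sa)s"]},
  {"role": "roles/storage.objectAdmin", "members": ["serviceAccount:%(sa)s"]},
  {"role": "roles/pubsub.subscriber", "members": ["serviceAccount:%(sa)s"]},
  {"role": "roles/owner", "members": ["user:alice@example.com"]}
]}
""" % {"sa": SAMPLE_SA})

if __name__ == "__main__":
    for role, verdict in audit_service_account(SAMPLE_POLICY, SAMPLE_SA):
        print(f"{verdict:14} {role}")
```

Roles reported as `review` are not necessarily a problem; compare their permissions against what the integration needs before deciding.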