Add your Google Cloud Platform environment

You can add a Google Cloud Platform (GCP) project to Sophos Cloud Optix by running the script Sophos provides.

Note: By adding your GCP environment, you authorize Sophos to access information via APIs and to collect log data from your environment. Your cloud provider may charge you for this. See Cloud provider charges or contact your provider for details.

Before you start:

  • You must have billing enabled for your GCP project in your Google account. If billing isn't enabled (for example, on a free trial), Google restricts access to APIs that Cloud Optix needs and the script will fail.
  • You need to create a read-only service account in a GCP project or projects.
  • You need to run the Sophos Cloud Optix shell script in the cloud shell from a project that has admin access to the GCP projects that you intend to add to Sophos Cloud Optix.

You create the service account by running the shell script provided in Sophos Cloud Optix.

  1. Click Settings (in the left-hand menu) and select Environments.
  2. Click Add New Environment.
  3. On the Add your Cloud Provider environment page, select the GCP tab.

    This gives you help with creating the service account needed.

  4. Go to Google Cloud Platform and select the project where you want to create the service account.
  5. Open Google Cloud Shell.
  6. Download the script using the command provided on the GCP tab in Sophos Cloud Optix.
  7. Run the script as shown there. The script lets you choose all projects or only the project(s) you want to add.

    CUSTOMER_ID=<…> REQUEST_ID=<…> GCPFlowUrl=<…> GCPActivityUrl=<…> bash onboard-gcp.sh

    Note: Select Include GKE to include GKE clusters. This provides inventory details, topology visualization, and security best practice checks.
  8. Allow Cloud Optix to access your IAM data (optional).
    Follow the remaining steps shown on the GCP tab. This enables G Suite Domain-wide Delegation to the Sophos Cloud Optix service account that has just been created.

    You need to be an admin of the domain associated with the organization in GCP.