GCP Integration FAQ


Which resources does Vanta fetch from GCP? 

  • Artifact Registry repositories
  • BigQuery datasets
  • Bigtable instances
  • Cloud SQL instances
  • Cloud Task Queues
  • Compute instances
  • Container repositories
  • Datastore projects
  • Firestore projects
  • Log buckets
  • Log sinks
  • Monitoring policies
  • Networks
  • Role grants
  • Roles
  • Spanner instances
  • Storage buckets
  • Subnets
  • Subscriptions
  • Topics
 

Which APIs need to be enabled for the Integration? 

The following APIs are required for the Integration:

The following APIs are optional if you'd like to use Vanta for vulnerability scanning:

Is it possible to connect Vanta without enabling all the APIs listed above?

  • Yes, but Vanta highly recommends enabling all of the APIs above for the Integration. Doing so ensures that any resources created in these services are recognized by Vanta and covered by tests that check they are secure.

For customers concerned that enabling an API constitutes a risk: enabling an API does create a route for programmatic access to a service, but it does not by itself confer permission to use or modify that service; callers still need the corresponding IAM permissions. Keeping unused APIs disabled is, in some sense, a control, but it's a thankfully redundant one.

For customers concerned about pricing: these metadata APIs are billed differently from the products themselves. Don't worry: our polling of the Spanner API will not incur astronomical Spanner bills. Vanta's API usage across all products is measured in U.S. cents for a typical project.

If you'd like to disable monitoring for certain APIs, select the "you may modify these permissions" link on the "Enable project APIs" page when integrating GCP:

 

[Screenshot: GCP_permissions.png]

 

You can choose which APIs you would like Vanta to use from the drop-down that appears for each project on the right. The list above will show which resources in GCP Vanta will scan for based on your selections. The APIs you deselect will not have to be enabled for the project in GCP, but the selected APIs will need to be enabled for the Integration to work successfully.
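
One way to check a project against your selections, as an added example that is not Vanta's setup script: it flags selected APIs that are not enabled (the Integration needs them) and deselected APIs that are enabled (resources there go unseen by Vanta's tests). The function name and the service names in both lists are constructed samples, not Vanta's required list.

```shell
#!/bin/sh
# Constructed sample values; substitute the service names for your own choices.
SELECTED_APIS="bigquery.googleapis.com pubsub.googleapis.com"  # left selected in Vanta
DESELECTED_APIS="spanner.googleapis.com"                       # deselected in Vanta

# audit_apis (hypothetical helper): reads the project's enabled services,
# one name per line, on stdin.
# Prints "MISSING <api>" for a selected API that is not enabled, and
# "UNMONITORED <api>" for a deselected API that is nevertheless enabled.
# Returns 1 if anything was MISSING, 0 otherwise.
audit_apis() {
  enabled=$(cat)
  rc=0
  for api in $SELECTED_APIS; do
    if ! printf '%s\n' "$enabled" | grep -qxF -- "$api"; then
      echo "MISSING $api"
      rc=1
    fi
  done
  for api in $DESELECTED_APIS; do
    if printf '%s\n' "$enabled" | grep -qxF -- "$api"; then
      echo "UNMONITORED $api"
    fi
  done
  return "$rc"
}

# Live use (needs an authenticated gcloud; PROJECT_ID is yours to set):
#   gcloud services list --enabled --project "$PROJECT_ID" \
#     --format='value(config.name)' | audit_apis
```

An UNMONITORED line is not an error for the Integration; it marks a service where resources can be created without Vanta recognizing them.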

 

Are there other options to set up the Integration besides using cloud shell?

  • Yes. The steps included in the shell script can be performed manually through the GCP cloud console UI. Please look at this video for guidance on connecting using the GCP console.

Does Vanta integrate with Google Firebase?

  • Vanta will run a limited scope of tests on Firebase, looking at the overall configuration of GCP (e.g., user access and that MFA is enabled).

 

 
