A Terraform module that establishes secure connectivity between your Google Cloud project and RAD Security's platform for cloud resource discovery and monitoring.
This module creates and configures the IAM roles and permissions that allow RAD Security to securely discover and monitor resources within your Google Cloud project. It uses Google Cloud's Workload Identity Federation to authenticate to your Google Cloud project, so no static credentials need to be created.
To use this module, add the following to your Terraform configuration:
```hcl
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 4.0.0"
    }
    rad-security = {
      source  = "rad-security/rad-security"
      version = ">= 1.1.6"
    }
  }
}

provider "rad-security" {
  // Placeholders: pass real credentials in through sensitive Terraform
  // variables rather than committing them to version control.
  access_key_id = "YOUR_RAD_ACCESS_KEY_ID"
  secret_key    = "YOUR_RAD_SECRET_KEY"
}

provider "google" {
  // Your Google Cloud Terraform Provider configuration here
}
```
- Creates a custom IAM role with least-privilege permissions for cloud resource discovery
- Sets up Workload Identity Federation for secure cross-cloud authentication
- Configures service accounts and necessary bindings
- Registers your Google Cloud project with RAD Security's platform
- This module currently supports project-level access only
- Organization-level support is not yet implemented
- Uses AWS as the identity provider for Workload Identity Federation
- Creates a custom IAM role with read-only permissions required for Google Cloud resource discovery.
- Sets up a Workload Identity Pool and Provider to authenticate RAD Security's AWS role.
- Creates a dedicated service account in the target Google Cloud project for RAD Security.
- Configures necessary IAM bindings between the service account and Workload Identity Pool
- Registers your Google Cloud project with RAD Security's platform
- Configure your Google Cloud provider authentication
- Ensure the necessary Google Cloud APIs are enabled:
  - IAM API
  - Cloud Resource Manager API
  - Security Token Service API

Parameter | Description | Default |
---|---|---|
gcp_project_name | Your GCP project name | Current project |
gcp_project_number | Your GCP project number | Current project |
aws_account_id | RAD Security's AWS account ID | 652031173150 |
aws_role_name | RAD Security's AWS Role Name | rad-security-connector |

```hcl
module "rad_security_connect" {
  source = "rad-security/rad-security-connect/google"
}
```

```hcl
module "rad_security_connect" {
  source             = "rad-security/rad-security-connect/google"
  gcp_project_name   = "my-production-project"
  gcp_project_number = "123456789012"
}
```
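
Because the module grants an external AWS role access to your project, it is worth checking the plan before applying it. The script below is an added example, not part of the module or of RAD Security's code: it audits the output of `terraform show -json` for the trusted AWS account, the role restriction and the read-only custom role. It assumes the module plans the standard `hashicorp/google` resource types named in the code; the resource addresses, pool name and AWS account ID in the sample are constructed.

```python
# Audit a Terraform plan (`terraform show -json plan.out`) before apply.
# Assumption: the module plans these standard hashicorp/google resource types.
# SAMPLE_PLAN is constructed; addresses, pool name and account ID are hypothetical.
READ_VERBS = ("get", "list")  # heuristic: read-only GCP permission verbs

SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.rad_security_connect.google_iam_workload_identity_pool_provider.aws",
     "type": "google_iam_workload_identity_pool_provider",
     "change": {"after": {"aws": [{"account_id": "111111111111"}],
                          "attribute_condition": None}}},
    {"address": "module.rad_security_connect.google_service_account_iam_member.wif",
     "type": "google_service_account_iam_member",
     "change": {"after": {
         "role": "roles/iam.workloadIdentityUser",
         "member": "principalSet://iam.googleapis.com/projects/123456789012/locations/"
                   "global/workloadIdentityPools/example-pool/attribute.aws_role/"
                   "arn:aws:sts::111111111111:assumed-role/rad-security-connector"}}},
    {"address": "module.rad_security_connect.google_project_iam_custom_role.discovery",
     "type": "google_project_iam_custom_role",
     "change": {"after": {"permissions": ["compute.instances.list",
                                          "storage.buckets.getIamPolicy"]}}},
]}

def audit_plan(plan, aws_account_id, aws_role_name):
    """Return a list of findings; an empty list means the planned trust is as expected."""
    findings, conditions, members = [], [], []
    role_arn = f"arn:aws:sts::{aws_account_id}:assumed-role/{aws_role_name}"
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        if rc.get("type") == "google_iam_workload_identity_pool_provider":
            accounts = [a.get("account_id") for a in after.get("aws") or []]
            if accounts != [aws_account_id]:
                findings.append(f"{rc['address']}: trusts AWS account(s) {accounts}")
            conditions.append(after.get("attribute_condition") or "")
        elif rc.get("type") == "google_service_account_iam_member":
            if after.get("role") == "roles/iam.workloadIdentityUser":
                members.append(after.get("member") or "")
        elif rc.get("type") == "google_project_iam_custom_role":
            writes = [p for p in after.get("permissions") or []
                      if not p.rsplit(".", 1)[-1].startswith(READ_VERBS)]
            if writes:
                findings.append(f"{rc['address']}: non-read permissions {writes}")
    # The AWS role must be pinned by every provider condition or by every binding.
    by_condition = bool(conditions) and all(role_arn in c for c in conditions)
    by_binding = bool(members) and all(role_arn in m for m in members)
    if not (by_condition or by_binding):
        findings.append(f"federation is not restricted to {role_arn}")
    return findings
```

Call `audit_plan` with the `aws_account_id` and `aws_role_name` values your configuration uses, on the dictionary loaded from the plan JSON.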

Name | Version |
---|---|
terraform | >= 1.0.8 |
rad-security | >= 1.1.6 |

Name | Version |
---|---|
n/a | |
rad-security | >= 1.1.6 |

No modules.

Name | Description | Type | Default | Required |
---|---|---|---|---|
aws_account_id | RAD Security's AWS account ID to authenticate with your Google Cloud project | string | "955322216602" | no |
aws_role_name | RAD Security's AWS Role Name to authenticate with your Google Cloud project | string | "rad-security-connector" | no |
gcp_project_name | GCP project name (optional - will use current project name if not specified) | string | null | no |
gcp_project_number | GCP project number (optional - will use current project number if not specified) | string | null | no |

No outputs.