Prerequisites
Before you begin, ensure you meet the following requirements.
Required Permissions
The GCP user setting up the integration must have the following roles assigned:
- Owner (roles/owner) at the project level
- Organization Administrator (roles/resourcemanager.organizationAdmin) at the org level
These permissions are necessary to create service accounts, custom roles, and assign permissions.
Step 1: Select Your GCP Production Project
ComplyJet needs to know which GCP project to monitor.
Go to the GCP Console.
Switch to the project that contains your production infrastructure.
Copy the Project ID and enter it into ComplyJet when prompted.
Why this is needed:
ComplyJet will use this project as the scope for collecting infrastructure data and running compliance checks.
Step 2: Enable Required APIs
ComplyJet requires access to several GCP APIs to collect metadata and monitor services.
Go to APIs & Services > Dashboard in the selected project.
Make sure the following APIs are enabled:
- Compute Engine API
- Cloud Resource Manager API
- Admin SDK API
- Cloud SQL Admin API
- Cloud Monitoring API
- Cloud Asset API
If any are missing, go to APIs & Services > Library, search for each API, and click Enable.
Why this is needed:
These APIs provide read-only access to your resources and are essential for continuous monitoring.
Step 3: Create a Custom Project Role
You’ll create a custom IAM role with the minimal set of permissions required to inspect storage bucket metadata.
Navigate to IAM & Admin > Roles.
Click Create Role and use the following values:
Title: ComplyJet Read-Only
Project Role ID: ComplyJetReadOnlyProjectRole
Description: Role to allow ComplyJet read-only access to project resources
Click Add Permissions and include:
- storage.buckets.get
- storage.buckets.getIamPolicy
Set Role launch stage to General Availability.
Click Create.
Step 4: Create a Service Account
Now create a service account that ComplyJet will use to access your GCP environment.
Go to IAM & Admin > Service Accounts.
Click Create Service Account and enter the following:
Name: ComplyJet Service Account
Description: Service Account with read-only access for ComplyJet Autopilot
On the Roles screen:
First, assign the Viewer role (under Basic).
Then, click Add Another Role and assign the ComplyJet Read-Only Project Role you just created.
Click Done to finish creating the service account.
Copy the Service Account Email — you’ll need it later.
Download and Upload the Service Account Key
In the Service Accounts list, click the ⋮ (ellipsis) next to the new account and select Manage keys.
Click Add Key → Create new key.
Choose JSON as the key type and download it.
Important: This JSON key allows access to your GCP environment. Store it securely.
Open the JSON file and paste its contents into the ComplyJet form.
Step 5: Create a Custom Organizational Role
This role grants ComplyJet access to read organization-wide metadata and IAM policies.
Switch the scope in the header dropdown to your organization.
Go to IAM & Admin > Roles.
Click Create Role and use the following values:
Title: ComplyJet Read-Only Organizational
Role ID: ComplyJetReadOnlyOrganizationalRole
Description: Organizational-level read access for ComplyJet Autopilot
Add the following permissions:
- cloudasset.assets.searchAllResources
- resourcemanager.folders.get
- resourcemanager.organizations.get
- resourcemanager.organizations.getIamPolicy
- storage.buckets.get
- storage.buckets.getIamPolicy
Set Role launch stage to General Availability and click Create.
Step 6: Assign the Organizational Role to the Service Account
Go to IAM & Admin > IAM at the organization level.
Click Grant Access.
Enter the Service Account Email you copied earlier.
Assign the following roles:
- ComplyJet Read-Only Organizational Role
- Viewer (Basic)
Click Save.
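To confirm that what was granted matches Steps 3 and 4 and has not drifted since, the following added example (not ComplyJet's own code) audits JSON exported with `gcloud projects get-iam-policy PROJECT_ID --format=json` and `gcloud iam roles describe ComplyJetReadOnlyProjectRole --project=PROJECT_ID --format=json`. The project ID, service account email and sample documents are constructed placeholders.

```python
"""Audit exported IAM JSON against the roles and permissions this guide lists."""
import json

# Permissions Step 3 lists for the project-level custom role.
PROJECT_ROLE_PERMISSIONS = {"storage.buckets.get", "storage.buckets.getIamPolicy"}

def roles_for_member(policy, member):
    """Return every role bound to `member` in a get-iam-policy JSON document."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}

def audit_member(policy, member, allowed_roles):
    """Report roles granted beyond the allowed set, and allowed roles not granted."""
    granted = roles_for_member(policy, member)
    return {"unexpected": sorted(granted - allowed_roles),
            "missing": sorted(allowed_roles - granted)}

def audit_custom_role(role, expected_permissions):
    """Report permission drift in a `gcloud iam roles describe` JSON document."""
    included = set(role.get("includedPermissions", []))
    return {"extra": sorted(included - expected_permissions),
            "missing": sorted(expected_permissions - included)}

# Constructed sample data: project ID and service account email are placeholders.
PROJECT = "example-prod-project"
MEMBER = f"serviceAccount:complyjet-sa@{PROJECT}.iam.gserviceaccount.com"
CUSTOM_ROLE = f"projects/{PROJECT}/roles/ComplyJetReadOnlyProjectRole"
ALLOWED_ROLES = {"roles/viewer", CUSTOM_ROLE}  # the two roles assigned in Step 4

SAMPLE_POLICY = {"version": 1, "bindings": [
    {"role": "roles/viewer", "members": [MEMBER, "user:admin@example.com"]},
    {"role": CUSTOM_ROLE, "members": [MEMBER]},
    {"role": "roles/editor", "members": [MEMBER]},  # drift: write access added later
]}
SAMPLE_ROLE = {"name": CUSTOM_ROLE, "stage": "GA", "includedPermissions": [
    "storage.buckets.get", "storage.buckets.getIamPolicy",
    "storage.objects.list",  # drift: not in the guide's permission list
]}

if __name__ == "__main__":
    print(json.dumps(audit_member(SAMPLE_POLICY, MEMBER, ALLOWED_ROLES), indent=2))
    print(json.dumps(audit_custom_role(SAMPLE_ROLE, PROJECT_ROLE_PERMISSIONS), indent=2))
```

The same functions apply to the organization-level grant from Steps 5 and 6 when given the output of `gcloud organizations get-iam-policy ORG_ID --format=json` and the organizational role's permission list.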
Completion
Once you've entered all the required values and uploaded the JSON key to ComplyJet, click Connect to finalize the integration. ComplyJet will begin syncing data from your GCP environment and perform compliance checks based on the connected infrastructure.
If you run into any issues, please reach out to our support team via the in-app chat. We're happy to help.