# NG SIEM - GCP Integration

<span style="color: rgb(52, 73, 94);">**Google Cloud Platform** **(GCP)** is Google’s suite of cloud computing services that lets businesses and developers build, deploy, and scale applications on **Google’s infrastructure**. It offers a wide range of services, including computing power (like **virtual machines** and **Kubernetes**), **storage, databases**, **machine learning**, **networking**, and **analytics**. **GCP** is known for its global reliability, security, and integration with **Google’s data** and **AI tools**, making it suitable for everything from simple websites to complex enterprise applications.</span>

---

#### <span style="color: rgb(53, 152, 219);">**Authentication**</span>

To use the **Google Cloud Platform (GCP)** integration, the client must configure a **Service Account (SA)** that represents a non-human identity requiring access to **GCP** resources.

---

#### <span style="color: rgb(53, 152, 219);">**Service Account**</span>

First, you need to [create a Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts). A Service Account (SA) is a particular type of Google account intended to represent a non-human user who needs to access the GCP resources.

The AQUILA Agent uses the SA to access data on Google Cloud Platform using the Google APIs.

---

#### **<span style="color: rgb(53, 152, 219);">IAM Service Account Roles</span>**

##### <span style="color: rgb(52, 73, 94);">**For GCP Integration**</span>  


- **Cloud Memorystore Redis Viewer:** Read-only access to Redis instances and related resources.
- **Cloud SQL Viewer:** Read-only access to Cloud SQL resources.
- Compute Viewer: Read-only access to get and list information about all Compute Engine resources, including instances, disks, and firewalls. Allows getting and listing information about disks, images, and snapshots, but does not allow reading the data stored on them.
- **Logs Viewer:** Access to view logs, except for logs with private contents.
- **Monitoring Viewer:** Read-only access to get and list information about all monitoring data and configuration.
- **Private Logs Viewer:** Access to view all logs, including logs with private contents.
- **Pub/Sub Subscriber:** Consume messages from a subscription, attach subscriptions to a topic, and seek to a snapshot.
- **Service Account Key Admin:** Create and manage (and rotate) service account keys.
- **Viewer:** View most Google Cloud resources. See the list of included permissions.