Connect to Google Cloud Platform

Connect your VSM workspace to your Google Cloud Platform environment

The Public Cloud Integration needs a service account equipped with certain permissions to be able to scan your GCP projects. The following guide explains the setup process in detail.


  • User within GCP with administrative privileges on level of an organization/folder/project
  • Active project linked to a billing account

Step by Step Guide

Create Service Account

  1. Follow the official Google documentation to create a service account with the following details:
    Name: LeanIX Scanner
    ID: will be auto-generated
    Description: Used by LeanIX to call the GCP API
Service Account CreationService Account Creation

Service Account Creation

  1. Generate a JSON key for the newly created service account which will be downloaded automatically

Activate the "Cloud Asset API"

The Cloud Asset API needs to be activated for the GCP project that contains the previously created scanner service account.

  1. Open the API Library and make sure that the correct project is selected

  2. Click “enable” to activate the API

Add Permissions

  1. Go to the GCP console IAM page and select the organization/folder or project you plan to add to LeanIX
  2. Click “add” to add a new user to your organization/folder or project
  1. Add the newly created LeanIX scanner service account to your organization/folder or project and select the roles “Cloud Asset Viewer” and “Viewer” and click save

Configure LeanIX Workspace

  1. Open the “Administration” page for your LeanIX VSM workspace:
  1. Select the “Cloud Service Discovery” configuration on the left panel:
  1. Add an additional “gcp” entry to the json configuration that must contain:
  • organizationalId: The id of the organization, folder or project you would like to scan - e.g. “organizations/my-organization-id”, “folders/my-folder-id” or “projects/my-project-id”
  • serviceAccountJson: The previously created and downloaded service account json
  1. Click the “Overwrite all configurations” button to save the configuration

  2. Click the “Scan now” button to confirm the configuration to be working

Did this page help you?