
Accessing Security Command Center using an SDK

This guide walks you through creating a service account and setting it up for use with the Security Command Center client libraries.

Before you begin

To complete this guide, you need the following:

  • The Cloud Identity and Access Management (Cloud IAM) role Service Account Admin. For more information about Security Command Center Cloud IAM roles, see Access control.
  • An existing directory path in which a service account private key can be stored. This path is in the context of your Cloud Shell environment, like /home/myuser/mykeys/.

Accessing Security Command Center

To access Security Command Center programmatically, use Cloud Shell to get the client library and authenticate a service account.

Setting up environment variables

  1. Go to the Google Cloud Console.
  2. Click Activate Cloud Shell.
  3. Set environment variables by running:

    1. Set your organization ID:

      export ORG_ID=[YOUR_ORGANIZATION_ID]
      
    2. Set the project ID:

      export PROJECT_ID=[CLOUD_SCC_ENABLED_PROJECT_ID]
      
    3. Set the custom ID you want to use for a new service account, like scc-sa. The service account name must be between 6 and 30 characters, must begin with a letter, and must be all lowercase alphanumeric characters and hyphens:

      export SERVICE_ACCOUNT=[CUSTOM_ID]
      
    4. Set the path in which the service account key should be stored, like export KEY_LOCATION=/home/$USER/mykeys/$SERVICE_ACCOUNT.json:

      export KEY_LOCATION=[FULL_PATH]
      # This is used by client libraries to find the key
      export GOOGLE_APPLICATION_CREDENTIALS=$KEY_LOCATION
      

Setting up a service account

To access Security Command Center programmatically, you need a private key from a service account to be used by the client. The service account must have the organization level role securitycenter.admin.

  1. Create a service account that's associated with your project ID:

    gcloud iam service-accounts create $SERVICE_ACCOUNT  --display-name \
     "Service Account for [USER]"  --project $PROJECT_ID
    
  2. Create a key to associate with the service account. The key is used for the life of the service and persistently stored at the [KEY_LOCATION] you specify.

    gcloud iam service-accounts keys create $KEY_LOCATION  --iam-account \
     $SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com
    
  3. Grant the service account the securitycenter.admin role for the organization.

    gcloud beta organizations add-iam-policy-binding $ORG_ID \
      --member="serviceAccount:$SERVICE_ACCOUNT@$PROJECT_ID.iam.gserviceaccount.com" \
      --role='roles/securitycenter.admin'
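
A pre-flight check for the variables and key file used in the steps above, as an added example that is not part of the original guide. The function names are hypothetical, and the script does not call gcloud; it checks the exported variables, the service account naming rule, the key directory, and the permissions on the key file.

```shell
#!/bin/sh
# Added example: pre-flight checks for the variables this guide exports.
# Function names are hypothetical; nothing here calls gcloud or the network.
LC_ALL=C; export LC_ALL   # make [a-z] match ASCII lowercase only

# Service account ID rule from the guide: 6-30 characters, begins with a
# letter, only lowercase alphanumerics and hyphens.
valid_sa_id() {
  _id=$1
  [ "${#_id}" -ge 6 ] && [ "${#_id}" -le 30 ] || return 1
  case $_id in
    [!a-z]*|*[!a-z0-9-]*) return 1 ;;
  esac
}

# The directory that will hold the key must already exist and be writable.
key_dir_ready() {
  _dir=$(dirname -- "$1")
  [ -d "$_dir" ] && [ -w "$_dir" ]
}

# A stored private key should carry no group/other permission bits.
key_is_private() {
  [ -f "$1" ] || return 1
  _perms=$(ls -ld -- "$1" | cut -c5-10)
  [ "$_perms" = "------" ]
}

# Run before the gcloud steps; returns non-zero if anything is off.
preflight() {
  _rc=0
  for _v in ORG_ID PROJECT_ID SERVICE_ACCOUNT KEY_LOCATION; do
    eval "_val=\${$_v:-}"
    case $_val in
      ''|\[*\]) echo "$_v is unset or still a [PLACEHOLDER]" >&2; _rc=1 ;;
    esac
  done
  valid_sa_id "${SERVICE_ACCOUNT:-}" ||
    { echo "SERVICE_ACCOUNT breaks the naming rule" >&2; _rc=1; }
  key_dir_ready "${KEY_LOCATION:-/}" ||
    { echo "directory for KEY_LOCATION is missing or read-only" >&2; _rc=1; }
  [ "${GOOGLE_APPLICATION_CREDENTIALS:-}" = "${KEY_LOCATION:-}" ] ||
    { echo "GOOGLE_APPLICATION_CREDENTIALS != KEY_LOCATION" >&2; _rc=1; }
  return "$_rc"
}
```

Source the file in Cloud Shell, run `preflight` after setting the environment variables, and run `key_is_private "$KEY_LOCATION"` after the key has been created.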
    

Installing client libraries for Security Command Center

Python

To include the Security Command Center Python library as a dependency in your project, follow the process below:

  1. Optional: Before you install the Python library, we recommend using Virtualenv to create an isolated Python environment.

    virtualenv onboarding_example
    source onboarding_example/bin/activate
    
  2. Install pip to manage the Python library installation.

  3. Run the following command to install the Python library:

    pip install google-cloud-securitycenter
    

Java

To include the Security Command Center Java library as a dependency in your project, select an artifact from the Maven repository.

Go

To download the Go library, run:

    go get -u cloud.google.com/go/securitycenter/apiv1

Node.js

To install the Node.js library, run:

    npm install --save @google-cloud/security-center

What's next

Using the SDK

Review the guides for all the features that Security Command Center supports:

SDK References

See the complete SDK references:
