UNPKG

cloudflare-security-events

Version:

Deliver Cloudflare logs to Google Cloud Security Command Center

github.com/shagamemnon/cloudflare-security-events

shagamemnon/cloudflare-security-events

49 lines (40 loc) 1.86 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
--- # Service Account list: gcloud iam service-accounts list --format="json[0](email)" --filter="email=SERVICE_ACCOUNT@PROJECT_ID.iam.gserviceaccount.com" create: gcloud iam service-accounts create SERVICE_ACCOUNT --display-name "Service Account for SCC" --format=json add_binding: organization: cmd: - gcloud organizations add-iam-policy-binding GCLOUD_ORG --member='serviceAccount:SERVICE_ACCOUNT@PROJECT_ID.iam.gserviceaccount.com' --role=ROLE_ID --format=json roles: - roles/appengine.appAdmin - roles/bigquery.admin - roles/billing.user - roles/cloudfunctions.developer - roles/cloudfunctions.serviceAgent - roles/cloudtasks.admin - roles/container.developer - roles/deploymentmanager.editor - roles/iam.serviceAccountActor - roles/iam.serviceAccountAdmin - roles/iam.serviceAccountKeyAdmin - roles/iam.serviceAccountUser - roles/orgpolicy.policyAdmin - roles/resourcemanager.projectCreator - roles/resourcemanager.projectIamAdmin - roles/securitycenter.admin - roles/servicemanagement.admin - roles/servicemanagement.quotaAdmin project: cmd: - gcloud projects add-iam-policy-binding PROJECT_ID --member='serviceAccount:SERVICE_ACCOUNT@PROJECT_ID.iam.gserviceaccount.com' --role=ROLE_ID --format=json roles: - roles/iam.serviceAccountAdmin - roles/iam.serviceAccountKeyAdmin - roles/editor - roles/storage.admin - roles/storage.objectAdmin - roles/pubsub.admin - roles/browser download_key: gcloud iam service-accounts keys create DEPLOYMENT_DIR/scc_key.json --iam-account SERVICE_ACCOUNT@PROJECT_ID.iam.gserviceaccount.com activate: gcloud auth activate-service-account SERVICE_ACCOUNT@PROJECT_ID.iam.gserviceaccount.com --key-file=DEPLOYMENT_DIR/scc_key.json