Security & Compliance

Lynx Compliance - Google Cloud Platform Connector

Pulls compliance evidence from Google Cloud - IAM service accounts and policy bindings, Cloud Storage buckets, KMS keys, Compute Engine VMs, admin audit logs - via OAuth2 service-account auth.

lynx_compliance_connector_gcp · v19.0.1.0.0 · Premium

What this solves

Compliance evidence from Google Cloud Platform. Mirrors the GitHub / Microsoft 365 cloud connectors with GCP-specific resource pulls covering the cloud-resource controls auditors examine first:

  • IAM service accounts (CSF ID.AM-02, ISO A.8.9): inventory of every service account in the project — privileged identities at the cloud-IAM layer.

  • IAM policy bindings (CSF PR.AA-05, ISO A.5.15): the role-to-member mapping for the project.

  • Cloud Storage buckets (CSF PR.DS-05, ISO A.5.10): bucket inventory with public-access flag, encryption / versioning state.

  • Cloud KMS keys (CSF PR.DS-01, ISO A.8.24): KMS key inventory with rotation period and primary version state.

  • Compute Engine VMs (CSF ID.AM-01, ISO A.5.9): VM inventory with state, zone, machine type.

  • Cloud Audit Logs admin activity (CSF DE.CM-01, ISO A.8.16): admin-level events from Cloud Logging for the trailing 90 days.

Authentication is OAuth2 service-account (no domain-wide delegation — GCP service accounts authenticate as themselves). The customer creates a service account in the project, grants the read-only role roles/viewer (or finer-grained reader roles per service), and pastes the service-account JSON into credential_secret.
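
A least-privilege check for the service account described above, as an added example (not the connector's own code): it reads the key pasted into credential_secret, looks up that identity in a project IAM policy, and reports any role outside a read-only allowlist. The function name, the allowlist, and the sample key and policy are assumptions constructed for illustration.

```python
import json

# Assumption: illustrative allowlist; extend with the reader roles you actually grant.
READ_ONLY_ROLES = {
    "roles/viewer", "roles/iam.securityReviewer", "roles/storage.objectViewer",
    "roles/cloudkms.viewer", "roles/compute.viewer", "roles/logging.viewer",
}

def audit_connector_identity(credential_secret, config_json, policy):
    """Return findings for the service account whose key is in credential_secret.

    policy is a project IAM policy: {"bindings": [{"role": ..., "members": [...]}]}.
    Roles inherited from a folder or organization, or granted through a group,
    are not in the project policy and are outside this check.
    """
    findings = []
    key = json.loads(credential_secret)
    if key.get("type") != "service_account":
        return ["credential is not a service-account key"]
    if key.get("project_id") != config_json.get("project_id"):
        findings.append("key project differs from config_json.project_id; review cross-project access")
    member = "serviceAccount:" + key.get("client_email", "")
    roles = sorted(b["role"] for b in policy.get("bindings", [])
                   if member in b.get("members", []))
    if not roles:
        findings.append("no direct project-level role found for " + member)
    for role in roles:
        if role not in READ_ONLY_ROLES:
            findings.append("role outside read-only allowlist: " + role)
    return findings

# Constructed sample data (not real credentials or a real project).
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "client_email": "lynx-evidence@example-project.iam.gserviceaccount.com",
    "private_key": "<PLACEHOLDER>",
})
SAMPLE_CONFIG = {"project_id": "example-project"}
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/viewer",
     "members": ["serviceAccount:lynx-evidence@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.admin",
     "members": ["serviceAccount:lynx-evidence@example-project.iam.gserviceaccount.com",
                 "user:admin@example.com"]},
]}

if __name__ == "__main__":
    for finding in audit_connector_identity(SAMPLE_KEY, SAMPLE_CONFIG, SAMPLE_POLICY):
        print(finding)
```

Run it against the project's exported IAM policy before storing the key, and again whenever bindings change, since the key grants whatever the service account holds at the time it is used.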

Key Features

  • GCP connector type - service-account JSON in credential_secret + config_json.project_id (required) + optional config_json.org_id (org-level audit log scope).

  • Six resource pulls - IAM service accounts, IAM policy, GCS buckets, KMS keys, Compute VMs, admin audit log.

  • Pre-seeded collectors - five collectors covering ID.AM-01 (compute VMs), ID.AM-02 (service accounts), PR.AA-05 (IAM bindings), PR.DS-01 (KMS keys), DE.CM-01 (audit log).

  • Token auto-refresh via google-auth's AuthorizedSession; cron runs without manual rotation.

Integrates With

  • lynx_compliance_connectors - registers under the connector framework.

  • lynx_compliance_evidence_collectors - shipped collectors use the standard schedule.

  • GCP REST APIs via the google-auth library + requests.