Overview
These instructions are used for onboarding GCP Projects and Organizations as infrastructure connections within Netskope One DSPM via Terraform. Such connections permit Netskope One DSPM to discover your available data stores and facilitate scanning and classification activities. You will repeat these steps for each GCP Project or Organization you wish to onboard to Netskope One DSPM.
For these instructions, you will start within Netskope One DSPM, then be directed to perform actions within the Terraform CLI, GCP CLI or Console, and finally return to Netskope One DSPM to complete the connection.
Before continuing, verify that the software tools below are installed and configured on your machine and can be invoked from the terminal.
In addition, confirm that you have the latest version of each tool by running the following commands at your terminal prompt:
terraform --version (Ver 1.5.1)
gcloud --version (Ver 438.0.0)
Instructions for Infrastructure Connection
Individual GCP Project
You will repeat these steps for each individual GCP Project you wish to onboard within the Netskope One DSPM application.
Steps to Complete Netskope One DSPM Infrastructure Connection
- Log into Netskope One DSPM.
- Navigate to Administration → Infrastructure Connections → GCP tab.
- Click the Add Infrastructure button in the upper right.
- Click ADD PROJECT.
- Leave on or toggle off Auto-Discover New Data Stores and Ingest the Policy Tag Taxonomy, depending on your preference.
- Click NEXT.
- Enter the following values:
Field | Value |
---|---|
Project Name | Any value (this is used to identify your infrastructure connection within Netskope One DSPM). |
Project ID | Obtain from your GCP console. |
Netskope One DSPM Service Account Name | Will default to Netskope One DSPM-service-account. Note that this value needs to be unique to each onboarded project. |
- Select Terraform.
- Click DOWNLOAD TEMPLATE to download a .zip file with Terraform scripts. Leave Netskope One DSPM open with the Add Infrastructure modal to return to later.
The next several steps are completed within the terminal on your local machine:
- Extract the .zip file from your downloads folder. A folder is created called account, which will contain the relevant Terraform files.
- Run the following command: terraform init. The command will run with the text Initializing the backend…
- Once complete, you will see success text in green: Terraform has been successfully initialized, with additional output text below.
- Run the script by running the command: terraform apply. You will see a warning here if you are not logged in or have improper credentials within GCP.
- You will see an output of resources to be created, including Project Name, Netskope One DSPM Service Account Name, and Project ID. Enter yes to continue.
- Once finished, you will see success text in green: Apply complete! Resources: XX added, 0 changed, 0 destroyed.
Return to the Add Infrastructure modal in Netskope One DSPM and click I'VE ALREADY RUN THE TEMPLATE. Take the following steps to complete the infrastructure connection.
- GCP Projects require a Service Account .json key file. This file is written to the account folder described above once you've successfully run the Terraform script.
- Locate the account folder in your downloads folder from Step 1 above.
- Drag and drop the Netskope One DSPM-credentials.json file into the Add Infrastructure modal where you see the upload icon.
- Click SAVE.
Your GCP Project Infrastructure connection is now complete, and you are able to discover data stores for analysis.
GCP Organization
You will perform these steps once for each GCP organization you wish to onboard within the Netskope One DSPM application. Any changes to your organization's membership units will be automatically accommodated.
Steps to Complete Netskope One DSPM Infrastructure Connection
- Log into Netskope One DSPM.
- Navigate to Administration → Infrastructure Connections → GCP tab.
- Click the Add Infrastructure button in the upper right.
- Click ADD ORGANIZATION.
- Leave on or toggle off Auto-Discover New Projects, Auto-Discover New Data Stores, and Ingest the Policy Tag Taxonomy, depending on your preference.
- Click NEXT.
- Enter the following values:
Field | Value |
---|---|
Organization Name | Any value (this is used to identify your infrastructure connection within Netskope One DSPM). |
Organization ID | Obtain from your GCP Organizations console. |
Netskope One DSPM Service Account Name | Will default to Netskope One DSPM-service-account. Note that this value needs to be unique to each onboarded organization. |
- Select Terraform.
- Click DOWNLOAD TEMPLATE to download a .zip file with Terraform scripts. Leave Netskope One DSPM open with the Add Infrastructure modal to return to later.
The next several steps are completed within the terminal on your local machine:
- Extract the .zip file from your downloads folder. A folder is created called org, which will contain the relevant Terraform files.
- Run the following command: terraform init. The command will run with the text Initializing the backend…
- Once complete, you will see success text in green: Terraform has been successfully initialized, with additional output text below.
- Run the script by running the command: terraform apply. You will see a warning here if you are not logged in or have improper credentials within GCP.
- You will see an output of resources to be created, including Service Account Role, Organization Name, and Organization ID. Enter yes to continue.
- Once finished, you will see success text in green: Apply complete! Resources: XX added, 0 changed, 0 destroyed.
Return to the Add Infrastructure modal in Netskope One DSPM and click I'VE ALREADY RUN THE TEMPLATE. Take the following steps to complete the infrastructure connection.
- GCP Organizations require a Service Account .json key file. This file is written to the org folder described above once you've successfully run the Terraform script.
- Locate the org folder in your downloads folder from Step 1 above.
- Drag and drop the Netskope One DSPM-credentials.json file into the Add Infrastructure modal where you see the upload icon.
- Click SAVE.
Your GCP Organization Infrastructure connection is now complete, and you are able to discover accounts within the organization and data stores for analysis.
Note: For each GCP Project infrastructure connection, if it is a member of the Organization being onboarded, we consolidate that individual Infrastructure Connection to fall underneath the Organization within the UI.
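Both flows above end by uploading the generated Service Account .json key file, which is a long-lived credential sitting in your downloads folder. The following pre-upload check is an added example, not part of the Netskope template: it assumes the standard GCP service account key layout (type, project_id, client_email, private_key), and the function names, sample project ID and sample service account name are constructed for illustration.

```python
import json
import os
import stat
import tempfile


def check_key_file(path, sa_name, project_id=None):
    """Return problems found in a service account key file (empty list means OK)."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except (OSError, ValueError) as exc:
        return [f"cannot read key file as JSON: {exc}"]
    if not isinstance(key, dict):
        return ["top-level JSON value is not an object"]
    problems = []
    # The key is a long-lived credential: only its owner should be able to read it.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:03o} exposes the key to group/others (chmod 600)")
    missing = [name for name in ("private_key_id", "private_key") if not key.get(name)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, expected 'service_account'")
    # Project flow only: the key must belong to the Project ID entered in the form.
    if project_id is not None and key.get("project_id") != project_id:
        problems.append(f"project_id is {key.get('project_id')!r}, expected {project_id!r}")
    expected_email = f"{sa_name}@{key.get('project_id')}.iam.gserviceaccount.com"
    if key.get("client_email") != expected_email:
        problems.append(f"client_email is {key.get('client_email')!r}, expected {expected_email!r}")
    return problems


def write_sample_key(directory, project_id, sa_name, mode):
    """Write a CONSTRUCTED key file (placeholder values, no real key) for the demo."""
    key = {"type": "service_account", "project_id": project_id,
           "client_email": f"{sa_name}@{project_id}.iam.gserviceaccount.com",
           "private_key_id": "constructed-id", "private_key": "CONSTRUCTED-NOT-A-KEY"}
    path = os.path.join(directory, "sample-credentials.json")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(key, fh)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = write_sample_key(tmp, "example-project-123", "dspm-example-sa", 0o644)
        print(check_key_file(sample, "dspm-example-sa", "example-project-123"))
```

For a real run, pass the path of the key file in the extracted folder together with the values entered in the form; omit project_id for an Organization connection.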
Next Steps
- If you have additional GCP Organizations or Projects to onboard in Netskope One DSPM, repeat the above steps.
- Connect your discovered Data Stores. For more information, visit our Connecting GCP Data Stores category and select the article(s) applicable to the Data Store Type(s) you wish to connect.