Import assets from Google Cloud DNS.
Halo Security's GCP connector allows you to import assets directly from Google's Cloud DNS service. It works by using a GCP service account with read permissions to Cloud DNS records and zones.
The first step in connecting Halo Security to Cloud DNS is to create a project that a service account can then be assigned to.
To create a new project, visit https://console.cloud.google.com/iam-admin/serviceaccounts. Then click Create Project. Give the project a name, like "Halo Security Connector", then attach it to your Organization and Location.
To allow Halo Security to access DNS records, we will create a service account that has access to the new project and assign it a role that only permits the account to read DNS settings. This limits the service account from being used to access or modify other functionality inside Google Cloud Platform.
After creating a project, you will be redirected to the "Service accounts" page. Click Create Service Account and assign it a name. Then click CREATE AND CONTINUE to grant the service account access to the project and assign it a role.
Under the Select a role dropdown, filter by DNS and select the DNS Reader role and click DONE.
After the service account has been created and a role assigned, you will be redirected back to the main service account page. Click on the newly created account, and navigate to the KEYS section.
Under the ADD KEY dropdown, select Create new key, ensure that JSON is selected, and create. The new key will automatically be downloaded to your computer with a name corresponding to your project.
Click the "+" icon in the top right to add a new connector and select "Google Cloud" for the type. After giving the new connector a name, you will be redirected to Connector Setup.
Under the Service Account Key File section, choose the file upload button and upload the key that was created in Step 3, then click save. After verifying the account details your connector will be ready for use.