Connecting Kawach & Google Cloud Platform (GCP)

Overview

This article explains how to integrate Google Cloud Platform (GCP) with Kawach to enable centralized compliance monitoring across your GCP environment. Once connected, Kawach can monitor GCP resources in read-only mode and surface relevant findings as part of your compliance and risk workflows.

This integration helps ensure that cloud resource configurations, access controls, and monitoring signals are consistently tracked and available for audits, reviews, and internal assessments.

Prerequisites

Before starting the integration, ensure the following:

You have an active GCP project.
You have access to the GCP IAM console with permissions to create a service account and assign roles.
A GCP project owner or admin is available to approve the connection.
You have access to your organization’s Kawach account with permissions to manage integrations.

What Kawach Accesses

Kawach connects to Google Cloud Platform in read-only mode. It does not modify any configuration or resources.

Once connected, Kawach can:

Read GCP resource configurations and asset metadata
Read IAM policies and security-related metadata
Read monitoring data, logs, and metrics to surface compliance-relevant alerts

Steps to Integrate GCP with Kawach

Step 1: Navigate to Integrations in Kawach

Log in to your Kawach account.
Go to Settings.
Select the Integrations tab.
Click Create.
Locate GCP from the list of available integrations.
Click Connect.

Step 2: Authorize Kawach in GCP

You will be redirected to the Google account selection page.
Sign in using your work Google account.
Select the GCP project you want to connect.
Review the permissions requested by Kawach.
Approve the connection.

Note: You must have sufficient IAM permissions, and a GCP project owner or admin must approve the authorization. Personal Google accounts are not supported.

Step 3: Grant Required Roles

After authorization:

Review and confirm the required read-only roles.
Assign Viewer, Security Reviewer, and Monitoring Viewer roles.
Confirm the role assignment.

Kawach will begin syncing data from the selected GCP project.

After the Integration

Once the integration is complete:

GCP resources are continuously monitored within Kawach.
Relevant findings are surfaced as part of compliance workflows.
Teams get centralized visibility without switching tools.

This setup supports ongoing compliance by ensuring cloud infrastructure evidence and monitoring signals are consistently available.

Troubleshooting

Pin icon Authorization failed

⌄

Ensure you are logged into the correct Google work account and have permission to approve IAM role assignments.

Pin icon Resources not visible

⌄

Verify that the required read-only roles are correctly assigned to the Kawach service account.

Pin icon Data not syncing

⌄

Allow a few minutes after setup. If issues persist, try reconnecting the integration.