terraform-google-modules / terraform-example-foundation

Shows how the CFT modules can be composed to build a secure cloud foundation
https://cloud.google.com/architecture/security-foundations
Apache License 2.0

1-org requires securitycenter.notificationconfig.get permissions - add Security Center Admin role after enabling SCC - new org issue (where SCC was not enabled yet) #1145

Closed obriensystems closed 5 months ago

obriensystems commented 6 months ago

TL;DR

add Security Center Notification Configurations Editor for step 3 of https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/1-org/README.md#deploying-with-cloud-build

export ORGANIZATION_ID=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -json common_config | jq '.org_id' --raw-output)
gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}

Expected behavior

No response

Observed behavior

after setting permission

michael@cloudshell:~/tef-olapp/github/gcp-org (tef-olapp)$ gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}
ERROR: (gcloud.scc.notifications.describe) INVALID_ARGUMENT: Security Command Center Legacy has been permanently disabled as of June 7, 2021. Migrate to Security Command Center's Standard tier or Premium tier to maintain access to Security Command Center. See https://cloud.google.com/security-command-center/docs/quickstart-security-command-center for more info.

Terraform Configuration

shell

Terraform Version

1.7.4

Additional information

No response

obriensystems commented 6 months ago

enable Security Command Center

[Screenshot 2024-03-07 at 13 19 50]

free version

[Screenshot 2024-03-07 at 13 21 33]

skip data residency for now because I am testing in us-central1 not northamerica-northeast1

[Screenshot 2024-03-07 at 13 22 02]

now grant roles that caused issues in https://github.com/terraform-google-modules/terraform-example-foundation/issues/1145

[Screenshot 2024-03-07 at 13 23 02] [Screenshot 2024-03-07 at 13 23 35] [Screenshot 2024-03-07 at 13 25 01]

obriensystems commented 6 months ago

rerun

michael@cloudshell:~/tef-olapp/github/gcp-org (tef-olapp)$ gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}
ERROR: (gcloud.scc.notifications.describe) NOT_FOUND: Requested entity was not found.
michael@cloudshell:~/tef-olapp/github/gcp-org (tef-olapp)$ 

enable SCC on project - already enabled

[Screenshot 2024-03-07 at 13 28 05]

API call is deprecated
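
An added shell helper, not from the issue or the foundation repo, that turns the three outcomes seen in this thread into a preflight verdict for the step-3 `gcloud scc notifications describe` check: the legacy-disabled INVALID_ARGUMENT means SCC is not yet enabled on the organization, a permission error means the Security Center Admin or Notification Configurations Editor role is still missing, and NOT_FOUND means SCC is enabled and the config has simply not been created. The function names, the verdict strings, and the reading of NOT_FOUND as "safe to proceed" are my assumptions; the live call in scc_preflight needs gcloud and ORGANIZATION_ID.

```shell
#!/bin/sh
# Added example (not part of the issue or terraform-example-foundation).
# Assumes gcloud is installed and ORGANIZATION_ID is set when run for real.

# Map the stderr of `gcloud scc notifications describe` to a verdict line.
# Exit status 0 = safe to proceed, 1 = an operator action is needed first.
classify_scc_describe() {
  case "$1" in
    *"Security Command Center Legacy has been permanently disabled"*)
      echo "scc-not-enabled: enable Security Command Center (Standard or Premium) on the organization"
      return 1 ;;
    *PERMISSION_DENIED*|*"securitycenter.notificationconfig.get"*)
      echo "missing-role: grant Security Center Admin or Security Center Notification Configurations Editor to the caller"
      return 1 ;;
    *NOT_FOUND*)
      # Assumption: the config does not exist yet and 1-org will create it.
      echo "not-created-yet: SCC is enabled; the notification config can be created by 1-org"
      return 0 ;;
    "")
      # Empty stderr: describe succeeded, so a config with that name exists.
      echo "exists: notification config already present"
      return 0 ;;
    *)
      echo "unknown: $1"
      return 1 ;;
  esac
}

# Live check: run the describe from the README and triage its stderr.
# Uses the default name scc-notify unless a name is passed as $1.
scc_preflight() {
  name="${1:-scc-notify}"
  err=$(gcloud scc notifications describe "$name" \
          --organization="${ORGANIZATION_ID:?set ORGANIZATION_ID first}" 2>&1 >/dev/null)
  classify_scc_describe "$err"
}
```

Note that gcloud may emit warnings on stderr even when the describe succeeds, in which case the "unknown" branch is taken and the text should be read by hand.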

fmichaelobrien commented 5 months ago

stale bot timer restart - https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/.github/workflows/stale.yml#L21