chore(gcp): add script to enable APIs in GCP projects (#4117)

Co-authored-by: Pepe Fagoaga <[email protected]>
prowler-cloud · May 28, 2024 · a5378b5 · a5378b5
1 parent 98b7df6
commit a5378b5
Show file tree

Hide file tree

Showing 27 changed files with 68 additions and 1 deletion.
diff --git a/contrib/cloud9/cloud9-installation.sh → contrib/aws/cloud9/cloud9-installation.sh b/contrib/cloud9/cloud9-installation.sh → contrib/aws/cloud9/cloud9-installation.sh
@@ -14,4 +14,4 @@ cd ~ || exit
 python3.9 -m pip install prowler-cloud
 prowler -v
 # Run Prowler
-prowler
+prowler aws
diff --git a/...rib/cloudshell/cloudshell-installation.sh → ...aws/cloudshell/cloudshell-installation.sh b/...rib/cloudshell/cloudshell-installation.sh → ...aws/cloudshell/cloudshell-installation.sh
diff --git a/...odebuild-prowlerv2-audit-account-cfn.yaml → ...odebuild-prowlerv2-audit-account-cfn.yaml b/...odebuild-prowlerv2-audit-account-cfn.yaml → ...odebuild-prowlerv2-audit-account-cfn.yaml
diff --git a/...odebuild-prowlerv3-audit-account-cfn.yaml → ...odebuild-prowlerv3-audit-account-cfn.yaml b/...odebuild-prowlerv3-audit-account-cfn.yaml → ...odebuild-prowlerv3-audit-account-cfn.yaml
diff --git a/...b/multi-account-securityhub/.awsvariables → ...s/multi-account-securityhub/.awsvariables b/...b/multi-account-securityhub/.awsvariables → ...s/multi-account-securityhub/.awsvariables
diff --git a/contrib/multi-account-securityhub/Dockerfile → .../aws/multi-account-securityhub/Dockerfile b/contrib/multi-account-securityhub/Dockerfile → .../aws/multi-account-securityhub/Dockerfile
diff --git a/contrib/multi-account-securityhub/README.md → ...b/aws/multi-account-securityhub/README.md b/contrib/multi-account-securityhub/README.md → ...b/aws/multi-account-securityhub/README.md
diff --git a/...nt-securityhub/run-prowler-securityhub.sh → ...nt-securityhub/run-prowler-securityhub.sh b/...nt-securityhub/run-prowler-securityhub.sh → ...nt-securityhub/run-prowler-securityhub.sh
diff --git a/...templates/CF-Prowler-CrossAccountRole.yml → ...templates/CF-Prowler-CrossAccountRole.yml b/...templates/CF-Prowler-CrossAccountRole.yml → ...templates/CF-Prowler-CrossAccountRole.yml
diff --git a/...-securityhub/templates/CF-Prowler-ECS.yml → ...-securityhub/templates/CF-Prowler-ECS.yml b/...-securityhub/templates/CF-Prowler-ECS.yml → ...-securityhub/templates/CF-Prowler-ECS.yml
diff --git a/...-securityhub/templates/CF-Prowler-IAM.yml → ...-securityhub/templates/CF-Prowler-IAM.yml b/...-securityhub/templates/CF-Prowler-IAM.yml → ...-securityhub/templates/CF-Prowler-IAM.yml
diff --git a/contrib/org-multi-account/ProwlerEC2.yaml → ...rib/aws/org-multi-account/ProwlerEC2.yaml b/contrib/org-multi-account/ProwlerEC2.yaml → ...rib/aws/org-multi-account/ProwlerEC2.yaml
diff --git a/contrib/org-multi-account/ProwlerRole.yaml → ...ib/aws/org-multi-account/ProwlerRole.yaml b/contrib/org-multi-account/ProwlerRole.yaml → ...ib/aws/org-multi-account/ProwlerRole.yaml
diff --git a/contrib/org-multi-account/ProwlerS3.yaml → contrib/aws/org-multi-account/ProwlerS3.yaml b/contrib/org-multi-account/ProwlerS3.yaml → contrib/aws/org-multi-account/ProwlerS3.yaml
diff --git a/contrib/org-multi-account/README.md → contrib/aws/org-multi-account/README.md b/contrib/org-multi-account/README.md → contrib/aws/org-multi-account/README.md
diff --git a/...ti-account/serverless_codebuild/README.md → ...ti-account/serverless_codebuild/README.md b/...ti-account/serverless_codebuild/README.md → ...ti-account/serverless_codebuild/README.md
diff --git a/...account/serverless_codebuild/README_kr.md → ...account/serverless_codebuild/README_kr.md b/...account/serverless_codebuild/README_kr.md → ...account/serverless_codebuild/README_kr.md
diff --git a/.../docs/images/prowler_org_architecture.png → .../docs/images/prowler_org_architecture.png b/.../docs/images/prowler_org_architecture.png → .../docs/images/prowler_org_architecture.png
diff --git a/...s_codebuild/docs/images/s3_screenshot.png → ...s_codebuild/docs/images/s3_screenshot.png b/...s_codebuild/docs/images/s3_screenshot.png → ...s_codebuild/docs/images/s3_screenshot.png
diff --git a/...less_codebuild/src/run-prowler-reports.sh → ...less_codebuild/src/run-prowler-reports.sh b/...less_codebuild/src/run-prowler-reports.sh → ...less_codebuild/src/run-prowler-reports.sh
diff --git a/..._codebuild/src/run-prowler-reports.sh.zip → ..._codebuild/src/run-prowler-reports.sh.zip b/..._codebuild/src/run-prowler-reports.sh.zip → ..._codebuild/src/run-prowler-reports.sh.zip
diff --git a/...uild/templates/ProwlerCodeBuildStack.yaml → ...uild/templates/ProwlerCodeBuildStack.yaml b/...uild/templates/ProwlerCodeBuildStack.yaml → ...uild/templates/ProwlerCodeBuildStack.yaml
diff --git a/...less_codebuild/templates/ProwlerRole.yaml → ...less_codebuild/templates/ProwlerRole.yaml b/...less_codebuild/templates/ProwlerRole.yaml → ...less_codebuild/templates/ProwlerRole.yaml
diff --git a/...erless_codebuild/templates/ProwlerS3.yaml → ...erless_codebuild/templates/ProwlerS3.yaml b/...erless_codebuild/templates/ProwlerS3.yaml → ...erless_codebuild/templates/ProwlerS3.yaml
diff --git a/...-multi-account/src/run-prowler-reports.sh → ...-multi-account/src/run-prowler-reports.sh b/...-multi-account/src/run-prowler-reports.sh → ...-multi-account/src/run-prowler-reports.sh
diff --git a/contrib/gcp/enable_apis_in_projects.sh b/contrib/gcp/enable_apis_in_projects.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# List of project IDs
+PROJECT_IDS=(
+    "project-id-1"
+    "project-id-2"
+    "project-id-3"
+    # Add more project IDs as needed
+)
+
+# List of Prowler APIs to enable
+APIS=(
+    "apikeys.googleapis.com"
+    "artifactregistry.googleapis.com"
+    "bigquery.googleapis.com"
+    "sqladmin.googleapis.com"  # Cloud SQL
+    "storage.googleapis.com"  # Cloud Storage
+    "compute.googleapis.com"
+    "dataproc.googleapis.com"
+    "dns.googleapis.com"
+    "containerregistry.googleapis.com"  # GCR (Google Container Registry)
+    "container.googleapis.com"  # GKE (Google Kubernetes Engine)
+    "iam.googleapis.com"
+    "cloudkms.googleapis.com"  # KMS (Key Management Service)
+    "logging.googleapis.com"
+)
+
+# Function to enable APIs for a given project
+enable_apis_for_project() {
+    local PROJECT_ID=$1
+
+    echo "Enabling APIs for project: ${PROJECT_ID}"
+
+    for API in "${APIS[@]}"; do
+        echo "Enabling API: $API for project: ${PROJECT_ID}"
+        if gcloud services enable "${API}" --project="${PROJECT_ID}"; then
+            echo "Successfully enabled API $API for project ${PROJECT_ID}."
+        else
+            echo "Failed to enable API $API for project ${PROJECT_ID}."
+        fi
+    done
+}
+
+# Loop over each project and enable the APIs
+for PROJECT_ID in "${PROJECT_IDS[@]}"; do
+    enable_apis_for_project "${PROJECT_ID}"
+done
diff --git a/docs/tutorials/gcp/authentication.md b/docs/tutorials/gcp/authentication.md
@@ -24,3 +24,23 @@ Prowler will follow the same credentials search as [Google authentication librar
 3. [The attached service account, returned by the metadata server](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa)
 
 Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the `Viewer` role to the member associated with the credentials.
+
+# GCP Service APIs
+
+Prowler will use the Google Cloud APIs to get the information needed to perform the checks. Make sure that the following APIs are enabled in the project:
+
+- apikeys.googleapis.com
+- artifactregistry.googleapis.com
+- bigquery.googleapis.com
+- sqladmin.googleapis.com
+- storage.googleapis.com
+- compute.googleapis.com
+- dataproc.googleapis.com
+- dns.googleapis.com
+- containerregistry.googleapis.com
+- container.googleapis.com
+- iam.googleapis.com
+- cloudkms.googleapis.com
+- logging.googleapis.com
+
+You can enable them automatically using our script [enable_apis_in_projects.sh](https://github.com/prowler-cloud/prowler/blob/master/contrib/gcp/enable_apis_in_projects.sh)