Prowler will use by default your User Account credentials, you can configure it using:
gcloud initto use a new account
gcloud config set account <account>to use an existing account
Then, obtain your access credentials using:
gcloud auth application-default login
Otherwise, you can generate and download Service Account keys in JSON format (refer to https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and provide the location of the file with the following argument:
prowler will scan the GCP project associated with the credentials.
Prowler will follow the same credentials search as Google authentication libraries:
- GOOGLE_APPLICATION_CREDENTIALS environment variable
- User credentials set up by using the Google Cloud CLI
- The attached service account, returned by the metadata server
Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the
Viewer role to the member associated with the credentials.