# Google Cloud Platform (GCP)

> How DSALTA integrates with Google Cloud Platform (GCP) — data collected, setup guide, and automated compliance checks.

## Overview

DSALTA connects to Google Cloud Platform (GCP) using read-only API access to collect compliance evidence automatically. Data syncs every 24 hours and feeds into your Data Library modules.

<Info>
  **Read-only access.** DSALTA never modifies, creates, or deletes resources in your Google Cloud Platform (GCP) environment.
</Info>

## How to Connect

1. Go to **Integrations** in the DSALTA sidebar.
2. Find **Google Cloud Platform (GCP)** and click **Connect**.
3. Authenticate with admin-level access.
4. Select the scope (accounts, projects, or resources to monitor).
5. DSALTA performs an initial sync (5-15 minutes). Checks activate after sync completes.

## Automated Compliance Checks

Each check below runs automatically every 24 hours. Click any check for step-by-step remediation guidance.

| Check                                                                                                                                   | Description                                                                                       |
| --------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- |
| [GCP users should have MFA enabled](/integrations/gcp/gcp-users-should-have-mfa-enabled)                                                | Checks that MFA is enabled for all GCP user accounts.                                             |
| [GCP should redirect HTTP to HTTPS](/integrations/gcp/gcp-should-redirect-http-to-https)                                                | Checks that GCP redirects HTTP traffic to HTTPS.                                                  |
| [GCP should be on HTTPS](/integrations/gcp/gcp-should-be-on-https)                                                                      | Checks that GCP services are accessible over HTTPS.                                               |
| [Google Security Command Center should be enabled](/integrations/gcp/google-security-command-center-should-be-enabled)                  | Checks that Google Security Command Center is enabled.                                            |
| [Reported incidents should be closed in Security Command Center](/integrations/gcp/gcp-incidents-closed-in-scc)                         | Checks that incidents detected in Google Security Command Center are closed.                      |
| [GCP bucket storage should be encrypted](/integrations/gcp/gcp-bucket-storage-should-be-encrypted)                                      | Checks that GCP Cloud Storage buckets are encrypted at rest.                                      |
| [GCP VPC subnet flow logs should be captured](/integrations/gcp/gcp-vpc-subnet-flow-logs-should-be-captured)                            | Checks that VPC subnet flow logs are enabled in GCP.                                              |
| [GCP Kubernetes clusters should have logging and monitoring enabled](/integrations/gcp/gcp-gke-logging-monitoring)                      | Checks that GCP Kubernetes clusters have logging and cloud monitoring enabled.                    |
| [GKE Kubernetes Web UI Dashboard should be disabled](/integrations/gcp/gke-kubernetes-web-ui-dashboard-should-be-disabled)              | Checks that the Kubernetes Web UI Dashboard is disabled in GKE.                                   |
| [GKE Metadata Server should be enabled](/integrations/gcp/gke-metadata-server-should-be-enabled)                                        | Checks that GKE Metadata Server is enabled on node pools.                                         |
| [GCP Firestore read frequency should be monitored](/integrations/gcp/gcp-firestore-read-frequency-should-be-monitored)                  | Checks that GCP Firestore read frequency is being monitored.                                      |
| [GCP Firestore write frequency should be monitored](/integrations/gcp/gcp-firestore-write-frequency-should-be-monitored)                | Checks that GCP Firestore write frequency is being monitored.                                     |
| [GCP Compute instance CPU utilization should be monitored](/integrations/gcp/gcp-compute-instance-cpu-utilization-should-be-monitored)  | Checks that GCP Compute instance CPU utilization is being monitored.                              |
| [GCP Compute instances should be protected from direct internet traffic](/integrations/gcp/gcp-compute-no-public-access)                | Checks that GCP Compute instances are not directly exposed to the internet.                       |
| [GCP Cloud SQL CPU utilization should be monitored](/integrations/gcp/gcp-cloud-sql-cpu-utilization-should-be-monitored)                | Checks that GCP Cloud SQL CPU utilization is being monitored.                                     |
| [GCP Cloud SQL should be encrypted](/integrations/gcp/gcp-cloud-sql-should-be-encrypted)                                                | Checks that GCP Cloud SQL databases are encrypted at rest.                                        |
| [GCP Cloud SQL memory utilization should be monitored](/integrations/gcp/gcp-cloud-sql-memory-utilization-should-be-monitored)          | Checks that GCP Cloud SQL memory utilization is being monitored.                                  |
| [GCP Cloud SQL backup should be enabled](/integrations/gcp/gcp-cloud-sql-backup-should-be-enabled)                                      | Checks that GCP Cloud SQL automated backups are enabled.                                          |
| [GCP Cloud SQL should be protected from direct internet traffic](/integrations/gcp/gcp-cloud-sql-no-public-access)                      | Checks that GCP Cloud SQL instances are not directly exposed to the internet.                     |
| [GCP Cloud SQL connections should require SSL](/integrations/gcp/gcp-cloud-sql-connections-should-require-ssl)                          | Checks that GCP Cloud SQL requires SSL for all connections.                                       |
| [GCP Cloud Spanner should be encrypted](/integrations/gcp/gcp-cloud-spanner-should-be-encrypted)                                        | Checks that GCP Cloud Spanner databases are encrypted at rest.                                    |
| [GCP Bigtable should be encrypted](/integrations/gcp/gcp-bigtable-should-be-encrypted)                                                  | Checks that GCP Bigtable instances are encrypted at rest.                                         |
| [GCP Bigtable CPU utilization should be monitored](/integrations/gcp/gcp-bigtable-cpu-utilization-should-be-monitored)                  | Checks that GCP Bigtable CPU utilization is being monitored.                                      |
| [GCP Bigtable storage utilization should be monitored](/integrations/gcp/gcp-bigtable-storage-utilization-should-be-monitored)          | Checks that GCP Bigtable storage utilization is being monitored.                                  |
| [GCP Cloud Storage buckets should be protected from direct internet traffic](/integrations/gcp/gcp-storage-buckets-no-public-access)    | Checks that GCP Cloud Storage buckets are not publicly accessible.                                |
| [GCP BigQuery datasets should be protected from direct internet traffic](/integrations/gcp/gcp-bigquery-no-public-access)               | Checks that GCP BigQuery datasets are not publicly accessible.                                    |
| [GCP Cloud Storage should have uniform bucket-level access enabled](/integrations/gcp/gcp-storage-uniform-bucket-access)                | Checks that GCP Cloud Storage buckets have uniform bucket-level access enabled.                   |
| [GCP BigQuery storage should be encrypted](/integrations/gcp/gcp-bigquery-storage-should-be-encrypted)                                  | Checks that GCP BigQuery storage is encrypted at rest.                                            |
| [GCP KMS encryption keys should be protected from direct internet traffic](/integrations/gcp/gcp-kms-no-public-access)                  | Checks that GCP KMS encryption keys are not directly exposed to the internet.                     |
| [GCP KMS encryption keys should be rotated within 90 days](/integrations/gcp/gcp-kms-encryption-keys-should-be-rotated-within-90-days)  | Checks that GCP KMS encryption keys are rotated within 90 days.                                   |
| [GCP essential contacts should be configured](/integrations/gcp/gcp-essential-contacts-should-be-configured)                            | Checks that GCP essential contacts are configured for the project.                                |
| [GCP log sink should be configured for all log entries](/integrations/gcp/gcp-log-sink-should-be-configured-for-all-log-entries)        | Checks that a GCP log sink is configured to capture all log entries.                              |
| [GCP service account keys should only be GCP-managed](/integrations/gcp/gcp-service-account-keys-should-only-be-gcp-managed)            | Checks that GCP service account keys are GCP-managed only.                                        |
| [GCP service account user-managed keys should be rotated every 90 days](/integrations/gcp/gcp-sa-key-rotation-90-days)                  | Checks that user-managed GCP service account keys are rotated within 90 days.                     |
| [GCP service accounts should not have admin privileges](/integrations/gcp/gcp-service-accounts-should-not-have-admin-privileges)        | Checks that GCP service accounts do not have admin-level privileges.                              |
| [GCP service account user role should not be assigned at project level](/integrations/gcp/gcp-sa-no-project-level-role)                 | Checks that the GCP service account user/token creator role is not assigned at the project level. |
| [Infrastructure entities should be classified](/integrations/gcp/infrastructure-entities-should-be-classified)                          | Checks that all GCP infrastructure entities are classified by criticality.                        |
| [Reported incidents should be closed in DSALTA](/integrations/gcp/reported-incidents-should-be-closed-in-dsalta)                        | Checks that incidents reported in GCP Security Command Center are resolved in DSALTA.             |
| [Users should be identified](/integrations/gcp/users-should-be-identified)                                                              | Checks that GCP users are identified and documented.                                              |
| [User access to critical systems should be valid](/integrations/gcp/user-access-to-critical-systems-should-be-valid)                    | Checks that users with access to critical systems are authorized in GCP.                          |
| [Google Security Command Center vulnerability alerts should be resolved within SLA](/integrations/gcp/gcp-scc-vuln-alerts-resolved-sla) | Checks that Google Security Command Center vulnerability alerts are resolved within SLA.          |

## Troubleshooting

<AccordionGroup>
  <Accordion title="Integration shows Disconnected">
    Re-authenticate from **Integrations → Google Cloud Platform (GCP) → Reconnect**. This usually happens when API tokens expire.
  </Accordion>

  <Accordion title="Data is not syncing">
    Verify the connected account has admin permissions. Try a manual sync from the integration settings.
  </Accordion>
</AccordionGroup>
