1-org requires securitycenter.notificationconfig.get permissions - add Security Center Admin role after enabling SCC - new org issue (where SCC was not enabled yet)

Open obriensystems opened this issue 1 year ago • 2 comments

TL;DR

add Security Center Notification Configurations Editor for step 3 of https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/1-org/README.md#deploying-with-cloud-build

export ORGANIZATION_ID=$(terraform -chdir="../terraform-example-foundation/0-bootstrap/" output -json common_config | jq '.org_id' --raw-output)
gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}

Expected behavior

No response

Observed behavior

after setting permission

michael@cloudshell:~/tef-olapp/github/gcp-org (tef-olapp)$ gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}
ERROR: (gcloud.scc.notifications.describe) INVALID_ARGUMENT: Security Command Center Legacy has been permanently disabled as of June 7, 2021. Migrate to Security Command Center's Standard tier or Premium tier to maintain access to Security Command Center. See https://cloud.google.com/security-command-center/docs/quickstart-security-command-center for more info.

Terraform Configuration

shell

Terraform Version

1.7.4

Additional information

No response

obriensystems Mar 07 '24 18:03

enable Security Command Center

free version

skip data residency for now because I am testing in us-central1 not northamerica-northeast1

now grant roles that caused issues in https://github.com/terraform-google-modules/terraform-example-foundation/issues/1145

obriensystems Mar 07 '24 18:03

rerun

michael@cloudshell:~/tef-olapp/github/gcp-org (tef-olapp)$ gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}
ERROR: (gcloud.scc.notifications.describe) NOT_FOUND: Requested entity was not found.
michael@cloudshell:~/tef-olapp/github/gcp-org (tef-olapp)$ 

enable SCC on project - already enabled

api call is deprecated

obriensystems Mar 07 '24 18:03

stale bot timer restart - https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/.github/workflows/stale.yml#L21

fmichaelobrien Apr 11 '24 15:04
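
As an added example (not part of this thread or of the project's code), a preflight wrapper around the step-3 `gcloud scc notifications describe` call that separates the outcomes this issue ran into. The function names, the `GCLOUD` override and the `PERMISSION_DENIED` match are assumptions; the other two match strings come from the error output quoted above.

```shell
#!/bin/sh
# Added example: triage the result of the 1-org step-3 check
#   gcloud scc notifications describe "scc-notify" --organization=${ORGANIZATION_ID}

# classify_scc_error TEXT
# Maps gcloud's error text to one token describing the likely cause.
classify_scc_error() {
  case "$1" in
    *"Security Command Center Legacy has been permanently disabled"*)
      # INVALID_ARGUMENT seen in the thread before SCC was enabled on the org
      echo "scc-not-activated" ;;
    *PERMISSION_DENIED*)
      # Assumed status text for a caller lacking
      # securitycenter.notificationconfig.get (the permission in the title)
      echo "missing-permission" ;;
    *NOT_FOUND*)
      # Seen in the thread after SCC was enabled and the role granted:
      # no notification config with this name exists
      echo "no-such-notification" ;;
    *)
      echo "unknown" ;;
  esac
}

# check_scc_notification NAME ORG_ID
# Prints "exists" and returns 0 when describe succeeds; otherwise prints
# the classification and returns 1. GCLOUD (hypothetical override) lets a
# stub stand in for the real CLI so the logic can be exercised offline.
check_scc_notification() {
  # 2>&1 >/dev/null captures stderr only; stdout (the config) is discarded
  if scc_err=$("${GCLOUD:-gcloud}" scc notifications describe "$1" \
        --organization="$2" 2>&1 >/dev/null); then
    echo "exists"
  else
    classify_scc_error "$scc_err"
    return 1
  fi
}
```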