Prerequisite: To complete the following onboarding steps, you need privileges to create a new GCP project, create a service account, and modify your organization's IAM policy.
...
- Cloud Resource Manager API
  - https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com
  - This enables us to view resources such as projects
- Firebase Management API
  - https://console.cloud.google.com/apis/library/firebase.googleapis.com
  - This enables us to view Firebase projects and associated resources
- Firebase Rules API
  - https://console.cloud.google.com/apis/library/firebaserules.googleapis.com
  - This enables us to view your Firebase projects’ rules
- Cloud Functions API
  - https://console.cloud.google.com/apis/library/cloudfunctions.googleapis.com
  - This enables us to enumerate your Cloud Functions
- App Engine Admin API
  - https://console.cloud.google.com/apis/library/appengine.googleapis.com
  - This enables us to enumerate the deployed App Engine services so that we can discover APIs deployed with the Endpoints Framework
- Kubernetes Engine API
  - https://console.cloud.google.com/apis/library/container.googleapis.com
  - This enables us to enumerate Kubernetes clusters
- Secret Manager API
  - https://console.cloud.google.com/apis/library/secretmanager.googleapis.com
  - This enables us to enumerate secrets (note that we cannot access secret values, only secret metadata)
- Cloud Key Management Service API
  - https://console.cloud.google.com/apis/library/cloudkms.googleapis.com
  - This enables us to enumerate cryptographic keys (note that we cannot retrieve the key itself, just its metadata)
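
Before moving on, it is worth confirming that none of the APIs in the list above was missed. The following script is an added example, not part of the original guide: it assumes this step is about enabling the listed APIs in the new project, that the `gcloud` CLI is installed and authenticated, and that `PROJECT_ID` holds your project ID; the helper names `missing_apis` and `check_project` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Service names are taken from the console URLs in the list above.
REQUIRED_APIS="cloudresourcemanager.googleapis.com
firebase.googleapis.com
firebaserules.googleapis.com
cloudfunctions.googleapis.com
appengine.googleapis.com
container.googleapis.com
secretmanager.googleapis.com
cloudkms.googleapis.com"

# missing_apis (hypothetical helper): reads enabled service names on stdin,
# one per line, and prints each required API that is not among them.
# grep -Fx matches whole lines literally, so a partial name never counts.
missing_apis() {
  enabled=$(cat)
  for api in $REQUIRED_APIS; do
    printf '%s\n' "$enabled" | grep -Fxq -- "$api" || printf '%s\n' "$api"
  done
}

# check_project (hypothetical helper): asks gcloud which services are enabled
# in the project. Returns 0 if all required APIs are on, 1 if any is missing,
# 2 if the gcloud query itself failed (bad project ID, no credentials).
check_project() {
  project=$1
  enabled=$(gcloud services list --enabled --project "$project" \
      --format='value(config.name)') || return 2
  missing=$(printf '%s\n' "$enabled" | missing_apis)
  if [ -n "$missing" ]; then
    printf 'Not enabled in %s:\n%s\n' "$project" "$missing" >&2
    return 1
  fi
  printf 'All required APIs are enabled in %s\n' "$project"
}

# Runs only when PROJECT_ID is set, e.g. PROJECT_ID=<your-project-id> ./check_apis.sh
if [ -n "${PROJECT_ID:-}" ]; then
  check_project "$PROJECT_ID"
fi
```

Any API it reports can be enabled from its console link above or with `gcloud services enable <service-name> --project <your-project-id>`.
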
Step 3: Create a service account in the new GCP project
...