Pre-Requisite: In order to complete the following onboard steps you will need to have privileges to: create a new GCP project, create a service account, and modify your organizations IAM policy.
...
Click on each link below and then “Enable API” button click on the ENABLE button near the top of the page. Ensure that the newly created project is currently selected in the project list drop down.
- Service Usage API
- https://console.cloud.google.com/apis/library/serviceusage.googleapis.com
- This enables us to make sure necessary APIs are enabled
- Cloud Resource Manager API
- https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com
- This enables us to view resources such as the list of projects
- Identity and Access Management (IAM) API
- https://console.cloud.google.com/apis/library/iam.googleapis.com
- This enables us to determine which permissions each role contains
- Firebase Management API
- https://console.cloud.google.com/apis/library/firebase.googleapis.com
- This enables us to view Firebase projects and associated resources
- Firebase Realtime Database Management API
- https://console.cloud.google.com/apis/library/firebasedatabase.googleapis.com
- This enables us to enumerate your Firebase Realtime databases
- Firebase Rules API
- https://console.cloud.google.com/apis/library/firebaserules.googleapis.com
- This enables us to view your Firebase projects’ rules
- Cloud Functions API
- https://console.cloud.google.com/apis/library/cloudfunctions.googleapis.com
- This enables us to enumerate your Cloud Functions
- App Engine Admin API
- https://console.cloud.google.com/apis/library/appengine.googleapis.com
- This enables us to enumerate the deployed App Engine services so that we can discover APIs deployed with the Endpoints Framework
- Kubernetes Engine API
- https://console.cloud.google.com/apis/library/container.googleapis.com
- This enables us to enumerate Kubernetes clusters
- Secret Manager API
- https://console.cloud.google.com/apis/library/secretmanager.googleapis.com
This enables us to enumerate secrets (note that we cannot access secrets value, only secrets metadata)
Cloud Key Management Service API
https://console.cloud.google.com/apis/library/cloudkms.googleapis.com
This enables us to enumerate cryptographic keys (note that we cannot retrieve the key itself, just its metadata)
- Compute Engine API
- https://console.cloud.google.com/apis/library/compute.googleapis.com
- This enables us to enumerate your Virtual Machines
- Cloud SQL Admin API
- https://console.cloud.google.com/apis/library/sqladmin.googleapis.com
- This enables us to enumerate your SQL databases
...