
Add GCP Cloud Account

Onboard a new GCP cloud account onto the Prisma Cloud platform.

Prerequisite: Generate the GCP credentials by calling the Generate and Download the GCP Terraform template API.

Query Parameters
  • skipStatusChecks boolean

    true = Skip account status checks to improve response time

Request Body required

Cloud Account

  • accountGroupCreationMode string

    Possible values: [MANUAL, AUTO, RECURSIVE]

    Default value: MANUAL

    MANUAL: Account will be mapped to the account group mentioned in defaultAccountGroupId.

    AUTO: Automatically creates account groups for each top-level folder in the hierarchy.

    RECURSIVE: Automatically creates account groups for the folders that are nested within the GCP organization hierarchy.

    Applicable only if the accountType is organization.

  • cloudAccount object required
  • accountId string required

    Organization resource ID if accountType is organization.

    Project ID if accountType is account or masterServiceAccount.

  • accountType string required

    Possible values: [account, masterServiceAccount, organization]

    Cloud Account Type.

    account: GCP Project

    organization: GCP Organization

    masterServiceAccount: Onboards all GCP projects that are accessible by the service account.

  • enabled boolean

    Enable or disable this account on Prisma Cloud.

    Default value: false

  • groupIds string[]

    List of Account Groups that must be mapped to this account. To get the account group IDs, call the List Account Groups API.

  • name string required

    Account name for the GCP account that will be onboarded on Prisma Cloud. (must be unique)

  • projectId string

    ID of the project.

    Get the project ID from the credentials json file that is generated from the GCP Terraform template.

  • compressionEnabled boolean

    Enable or disable compressed network flow log generation.

    Default value: false

  • credentials object required

    Add contents of the JSON file, which contains the credentials, that is generated from the GCP Terraform template.

  • auth_provider_x509_cert_url string
  • auth_uri string
  • client_email string
  • client_id string
  • client_x509_cert_url string
  • private_key string
  • private_key_id string
  • project_id string
  • token_uri string
  • type string
  • dataflowEnabledProject string

    Project ID where the Dataflow API is enabled.

    Required if compressionEnabled is set to true and if the accountType is organization.

    Optional if the accountType is account or masterServiceAccount

  • defaultAccountGroupId string required

    Applicable only

    • If accountType is organization and accountGroupCreationMode is MANUAL.

    • If accountType is masterServiceAccount.

  • features object[]

    Features to be enabled and/or disabled. To get a list of all the supported features, see the Fetch Supported Features endpoint.

  • Array [
  • name string

    Feature name obtained from Fetch Supported Features endpoint

  • state string

    Possible values: [enabled, disabled]

    Feature state: whether the feature is to be enabled or disabled.

  • ]
  • flowLogStorageBucket string

    Name of the Cloud Storage bucket that is used to store the flow logs.

  • hierarchySelection object[]

    Applicable only if accountType is organization.

    Include or exclude a list of GCP folders and GCP projects under the organization.

  • Array [
  • displayName string

    To get the display name of the resource, refer to List Children of Parent.

    aws: List Children of Parent (AWS)

    gcp: List Children of Parent (GCP). Display name is the organization name if nodeType is ORG

    azure: List Children of Parent (Azure)

  • nodeType string


    Member account node type. Supported values based on cloud type:

    aws: ORG, OU, or ACCOUNT

    gcp: ORG, FOLDER, or PROJECT


  • resourceId string

    To get the list of resource IDs and their details, refer to List Children of Parent.

    aws: List Children of Parent (AWS)

    gcp: List Children of Parent (GCP)

    azure: List Children of Parent (Azure)

  • selectionType string

    Possible values: [ALL, INCLUDE, EXCLUDE]

    Organization Member accounts Selection type.

    ALL: Include the resource and all its children

    INCLUDE: Include the specified resource

    EXCLUDE: Exclude the specified resource

  • ]
  • organizationName string

    GCP Organization name
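
The conditional rules above (fields that apply only to an organization, and fields that become required in combination) can be checked before the request is sent. The following is an added example, not Prisma Cloud code: it assumes that accountId through projectId nest under cloudAccount, treats defaultAccountGroupId as mandatory exactly where the page calls it applicable, and uses constructed sample values. The redact helper keeps the service-account private_key out of logs.

```python
import copy

ACCOUNT_TYPES = {"account", "masterServiceAccount", "organization"}
GROUP_MODES = {"MANUAL", "AUTO", "RECURSIVE"}
NODE_RULES = {"selectionType": {"ALL", "INCLUDE", "EXCLUDE"}, "nodeType": {"ORG", "FOLDER", "PROJECT"}}

def validate_body(body):
    """Return a list of rule violations; an empty list means the body passes."""
    acct = body.get("cloudAccount") or {}
    errors = [f"cloudAccount.{f} is required" for f in ("accountId", "accountType", "name") if not acct.get(f)]
    atype = acct.get("accountType")
    if atype and atype not in ACCOUNT_TYPES:
        errors.append(f"unknown accountType: {atype}")
    if not body.get("credentials"):
        errors.append("credentials is required")
    is_org = atype == "organization"
    mode = body.get("accountGroupCreationMode", "MANUAL")  # documented default
    if mode not in GROUP_MODES:
        errors.append(f"unknown accountGroupCreationMode: {mode}")
    elif mode != "MANUAL" and not is_org:
        errors.append("accountGroupCreationMode applies only to organization")
    # Assumption: defaultAccountGroupId is mandatory exactly where the page calls it applicable.
    needs_group = (is_org and mode == "MANUAL") or atype == "masterServiceAccount"
    if needs_group and not body.get("defaultAccountGroupId"):
        errors.append("defaultAccountGroupId is required")
    if body.get("compressionEnabled") and is_org and not body.get("dataflowEnabledProject"):
        errors.append("dataflowEnabledProject is required")
    selection = body.get("hierarchySelection") or []
    if selection and not is_org:
        errors.append("hierarchySelection applies only to organization")
    for i, node in enumerate(selection):
        for key, allowed in NODE_RULES.items():
            if node.get(key) not in allowed:
                errors.append(f"hierarchySelection[{i}].{key} is invalid")
    return errors

def redact(body):
    """Copy of the body for logging, with the service-account private key masked."""
    safe = copy.deepcopy(body)
    if "private_key" in (safe.get("credentials") or {}):
        safe["credentials"]["private_key"] = "<redacted>"
    return safe

# Constructed sample: organization with compression on, no Dataflow project, bad selectionType.
SAMPLE = {
    "cloudAccount": {"accountId": "000000000000", "accountType": "organization", "name": "example-org"},
    "credentials": {"type": "service_account", "private_key": "PLACEHOLDER-NOT-A-KEY"}, "compressionEnabled": True,
    "hierarchySelection": [{"resourceId": "0", "nodeType": "FOLDER", "selectionType": "ONLY"}],
}
```

Log `redact(body)` rather than the body itself, and send the request only when `validate_body(body)` returns an empty list.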


successful operation