GCP Monitoring Issues
  • 26 Feb 2024


Quota Issues

List requests for Data Transfer Service quota

  • Issue: GCP account has reached the rate limit on API requests of type List for Data Transfer Service.

  • Symptom: Error message is generated when the rate limit for the number of requests is reached.

  • Solution: In the GCP Console, increase the limit. For more information, refer to the GCP Quotas documentation.

Organizational Policies

Secret creation not allowed

  • Issue: To perform CloudSQL classification, Prisma Cloud DSPM needs to create a secret (key) within GCP. A resource location policy has prevented the creation of the secret.

  • Symptom: Error message is generated when failing to create a secret.

  • Solution: In the GCP Console, update the policy. For more information, refer to GCP Restricting Resource Locations.

IAM Misconfiguration

Failure to impersonate Service Account

  • Issue: Prisma Cloud DSPM uses a set of service accounts and permissions to perform data discovery and classification. We have encountered an issue utilizing those service accounts and permissions. 

  • Symptom: Error message is generated when attempting to impersonate Service Account.

  • Solution: Validate the following:

    • The service account presented in the issue details exists in the project.

    • Access between the above service account and the Scanner Service Account is configured correctly. See more information in Manage access to service accounts.

    • The above service account has all the permissions listed as the required permissions for Prisma Cloud DSPM.
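
The access check in the second item can be scripted against the JSON printed by `gcloud iam service-accounts get-iam-policy SA_EMAIL --format=json`. The following is an added example, not Prisma Cloud DSPM code; it assumes impersonation is granted through `roles/iam.serviceAccountTokenCreator` (the page does not name the role), and the function name and sample policies are constructed for illustration.

```python
import json

# Assumption: impersonation is granted through this predefined role, which
# carries iam.serviceAccounts.getAccessToken. The page does not name the role.
IMPERSONATION_ROLES = {"roles/iam.serviceAccountTokenCreator"}


def check_impersonation(policy_json, scanner_email):
    """Return (ok, findings) for the IAM policy set on the target service account."""
    member = f"serviceAccount:{scanner_email}"
    ok, findings = False, []
    for binding in json.loads(policy_json).get("bindings", []):
        role = binding.get("role")
        if role not in IMPERSONATION_ROLES:
            continue
        for m in binding.get("members", []):
            if m == member and "condition" in binding:
                title = binding["condition"].get("title", "untitled")
                findings.append(f"{role} is conditional ({title}); it may not apply")
            elif m == member:
                ok = True
            elif m.startswith(f"deleted:{member}?"):
                # The binding points at a deleted account with the same e-mail;
                # a recreated account has a new unique ID and must be re-granted.
                findings.append(f"{role} is bound to a deleted account: {m}")
    if not ok and not findings:
        findings.append(f"{member} has no impersonation role on this account")
    return ok, findings


# Constructed sample policies; the e-mail addresses are placeholders.
SCANNER = "scanner@example-project.iam.gserviceaccount.com"
GOOD = json.dumps({"bindings": [
    {"role": "roles/iam.serviceAccountTokenCreator",
     "members": [f"serviceAccount:{SCANNER}"]}]})
STALE = json.dumps({"bindings": [
    {"role": "roles/iam.serviceAccountTokenCreator",
     "members": [f"deleted:serviceAccount:{SCANNER}?uid=123456789012345678901"]}]})
MISSING = json.dumps({"bindings": [
    {"role": "roles/iam.serviceAccountUser",
     "members": [f"serviceAccount:{SCANNER}"]}]})

if __name__ == "__main__":
    for name, policy in (("good", GOOD), ("stale", STALE), ("missing", MISSING)):
        print(name, check_impersonation(policy, SCANNER))
```

A `deleted:` member is what the policy shows when the Scanner Service Account was deleted and recreated under the same e-mail address; the old binding does not carry over to the new account.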

BigTable List is not allowed

  • Issue: Prisma Cloud DSPM uses a set of roles and permissions to perform data discovery and classification. We have encountered an issue utilizing those roles and permissions. 

  • Symptom: Error message is generated when attempting to perform the List operation on GCP BigTable.

  • Solution: Validate that the service account has all the permissions listed as the required permissions for Prisma Cloud DSPM.

CloudSQL List is not allowed

  • Issue: Prisma Cloud DSPM uses a set of roles and permissions to perform data discovery and classification. We have encountered an issue utilizing those roles and permissions. 

  • Symptom: Error message is generated when attempting to perform the List operation on GCP CloudSQL.

  • Solution: Validate that the service account has all the permissions listed as the required permissions for Prisma Cloud DSPM.

