Create Cloud Storage Bucket
Instructions on how to create a GCP Cloud Storage bucket to export snapshots of Virtual Machine disks.
To let Aikido download snapshots of disks so they can be scanned for vulnerabilities, the snapshots need to be exported to a Cloud Storage bucket first. Follow the steps below to create a bucket for this purpose.
Navigate to Cloud Storage
Navigate to the GCP Cloud Storage module in the GCP Console and click on Create to create a new Bucket.
Enter a name for the bucket
First, enter a name for the bucket. This can be anything you like, but we recommend something descriptive, such as aikido-security-vm-scanning-snapshots. Click "Continue" when ready.

Configure bucket region
For the bucket region, select a single region to host the bucket in. We recommend the following regions:
aikido.dev: europe-west2
us.aikido.dev: us-east1
me.aikido.dev: me-central1

Choose storage class
For the storage class, you can leave the default setting, Standard, selected. Aikido will automatically delete objects once they are downloaded.

Configure object access controls
You can keep the default access controls enabled for the objects. This will prevent any public access to the objects in the bucket.

Configure object security
Do not enable any Data protection policies; they are not relevant for this bucket's purpose. You can leave the default encryption set to "Google-managed encryption key".

Create the bucket
Click on the "Create" button once the configuration is completed. Enter the name of the bucket when setting up the VM scanning integration in Aikido.
(Optional)
Sometimes GCP asks you to confirm that you want to prevent public access to objects in the bucket. It is important that public access is prevented, so make sure the checkbox is checked, then click "Confirm".
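To confirm afterwards that the bucket matches the settings chosen above, the following added example (not part of Aikido's documentation or tooling) audits a bucket resource in the shape returned by the Cloud Storage JSON API. The function name, the sample metadata, and the reading of "Data protection policies" as object versioning and retention are assumptions made for illustration.

```python
# Added example: audit a bucket resource (Cloud Storage JSON API shape)
# against the settings chosen in this guide.

# Recommended regions from the guide, keyed by Aikido domain.
RECOMMENDED_REGION = {
    "aikido.dev": "europe-west2",
    "us.aikido.dev": "us-east1",
    "me.aikido.dev": "me-central1",
}

def audit_bucket(bucket: dict, aikido_domain: str = "aikido.dev") -> list[str]:
    """Return deviations from the guide; an empty list means compliant."""
    findings = []
    iam = bucket.get("iamConfiguration", {})
    # Public access must be prevented on the bucket itself, not inherited.
    if iam.get("publicAccessPrevention") != "enforced":
        findings.append("public access prevention is not enforced")
    # The guide asks for a single region, not dual- or multi-region.
    if bucket.get("locationType") != "region":
        findings.append("bucket is not in a single region")
    elif bucket.get("location", "").lower() != RECOMMENDED_REGION.get(aikido_domain):
        findings.append("region differs from the recommended one")
    if bucket.get("storageClass") != "STANDARD":
        findings.append("storage class is not Standard")
    # Assumption: "Data protection policies" = versioning and retention.
    if bucket.get("versioning", {}).get("enabled"):
        findings.append("object versioning is enabled")
    if "retentionPolicy" in bucket:
        findings.append("a retention policy is set")
    # Google-managed encryption means no customer-managed key is configured.
    if bucket.get("encryption", {}).get("defaultKmsKeyName"):
        findings.append("a customer-managed encryption key is configured")
    return findings

# Constructed sample metadata (not real buckets).
GOOD = {
    "name": "aikido-security-vm-scanning-snapshots",
    "location": "EUROPE-WEST2", "locationType": "region",
    "storageClass": "STANDARD",
    "iamConfiguration": {"publicAccessPrevention": "enforced"},
}
BAD = {
    "name": "misconfigured-example",
    "location": "EU", "locationType": "multi-region",
    "storageClass": "STANDARD",
    "iamConfiguration": {"publicAccessPrevention": "inherited"},
    "versioning": {"enabled": True},
}

if __name__ == "__main__":
    for b in (GOOD, BAD):
        print(b["name"], audit_bucket(b) or "OK")
```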
