Chef Cloud Security for Google Cloud

Akshay Parvatikar | Posted on | Chef Cloud Security | CSPM | Technical Guide
Cloud security is a collection of procedures and technologies designed to address external and internal threats to business security. An organization needs cloud security as it moves toward its digital transformation strategy and incorporates cloud-based tools and services as part of its infrastructure. Progress Chef is the leading platform and the first provider certified by CIS for all the major cloud providers.

Chef Cloud Security allows you to scan and monitor your multi-cloud accounts, and suggests remediation, across on-prem and cloud-native environments. Maintaining and enforcing security for containers and clouds with standards-based audits is easier than ever. You can tune baselines to adapt to the organization’s requirements and maintain visibility and control across hybrid environments.

Chef Cloud Security provides visibility through streamlined audits, maintaining continuous compliance, CSPM and Cloud-Native security, and a coded approach. 

Setting up your Environment   

JSON Credentials:  

To integrate Google Cloud, you will first need to create a secret key within the GCP console. To do this:

  1. Log in to the GCP console, go to Service Accounts in the IAM & Admin section, and select Create service account.

  2. Fill in the details as per the requirements and click on Done.

  3. Open the Manage keys tab of the created account and select Create new key from the drop-down option.

  4. Choose JSON as the format and download the key.



You can set up Cloud solutions in Chef Automate in three simple steps.   

To start, you first need to connect your cloud-native environment (GCP) to Chef Automate UI.  

  • Click on Settings
  • Node Integration > Create Integration
  • Select GCP from the given options
  • Give a valid name for your cloud management service
  • Fill out necessary details concerning GCP JSON keys
  • Save Integration


Note that the node's status should always be reachable when you save your integration.  

The next step is to select the security profile you want to apply to your GCP node. 

  • Click on Compliance
  • Profiles > Available profiles > Search for GCP Benchmark
  • Click on Get
  • The selected security profile should now be visible under the profiles section

With the profile selection and node integration completed, you need to create a scan job that will scan the selected cloud nodes based on the security profile. 

  • Click on Compliance
  • Scan Jobs > Create Scan Job
  • Select the Cloud node
  • Select a Profile
  • Run the Scan job

You can also schedule the time and date for scanning your cloud environment. 

Each control file from the security profiles goes through your cloud account and checks for misconfiguration based on benchmarks and best practices as per CIS.  

To check the results of the scans:

  • Click on Compliance
  • Nodes
  • Search for and click the name of your test


You can find all the detailed passed/failed results of the scanned node.  

You can download the compliance report as a CSV or in JSON format. You can also integrate third-party tools such as ServiceNow and Splunk within the Automate UI and feed this data to them. In addition to all these features, Chef also provides APIs for external support.
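
For triaging a downloaded JSON report outside the UI, the following added example (not Chef's own code) rolls per-check results up to control level and lists failed controls by impact. It assumes the report follows the InSpec JSON reporter layout (`profiles` → `controls` → `results[].status`); the profile name, control IDs and messages are constructed sample data.

```python
import json

# Constructed sample, NOT real scan output. Assumed layout: InSpec JSON
# reporter schema (profiles -> controls -> results[].status).
SAMPLE_REPORT = json.dumps({"profiles": [{
    "name": "example-gcp-benchmark",  # hypothetical profile name
    "controls": [
        {"id": "example-1.1", "impact": 0.5, "results": [
            {"status": "passed", "code_desc": "check A"},
            {"status": "failed", "code_desc": "check B",
             "message": "expected false, got true"}]},
        {"id": "example-2.1", "impact": 1.0, "results": [
            {"status": "failed", "code_desc": "check C"}]},
        {"id": "example-3.1", "impact": 0.7, "results": [
            {"status": "skipped", "code_desc": "check D"}]},
        {"id": "example-4.1", "impact": 0.3, "results": [
            {"status": "passed", "code_desc": "check E"}]},
    ]}]})


def control_status(control):
    """Any failed check fails the control; nothing evaluated counts as skipped."""
    statuses = [r.get("status") for r in control.get("results", [])]
    if "failed" in statuses:
        return "failed"
    if "passed" in statuses:
        return "passed"
    return "skipped"  # no results, or only skipped results


def triage(report_text):
    """Return (counts, failed); failed controls are sorted by impact, highest first."""
    report = json.loads(report_text)
    counts = {"passed": 0, "failed": 0, "skipped": 0}
    failed = []
    for profile in report.get("profiles", []):
        for control in profile.get("controls", []):
            status = control_status(control)
            counts[status] += 1
            if status == "failed":
                # Fall back to the check description when no message is present.
                msgs = [r.get("message") or r.get("code_desc", "")
                        for r in control["results"] if r.get("status") == "failed"]
                failed.append({"profile": profile.get("name"), "id": control.get("id"),
                               "impact": control.get("impact", 0.0), "messages": msgs})
    failed.sort(key=lambda c: c["impact"], reverse=True)
    return counts, failed


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```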

Get more details of Chef End-to-End Cloud Security Management here.  

Watch the Technical Demonstration here.