How do I integrate multiple GCP projects with Bastion?

Last updated: June 27, 2025

Context

When setting up GCP integration with Bastion for security auditing, you may need to connect multiple GCP projects. This is particularly important when you have different projects for different environments or functionalities that need to be monitored.

Answer

Currently, each GCP project requires its own separate integration in Bastion. Here's how to set up multiple GCP projects:

  1. Create a separate service account for each GCP project you want to audit

  2. Configure each service account with the following roles at the project level:

    • roles/iam.securityReviewer

    • roles/viewer

  3. In Bastion, create a new GCP integration for each project you want to monitor

  4. Use the corresponding service account credentials for each integration

Note: Currently, Bastion does not support using a single service account for multiple projects. Each project requires its own dedicated integration setup.
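Steps 1 and 2 repeated across several projects, as an added example that is not Bastion's own tooling: it creates one dedicated service account per project, binds the two roles at project level, and lists the roles the account ends up holding so you can confirm it has nothing more. The service account name `bastion-audit` and the project IDs are constructed placeholders, and exporting credentials for step 4 is left out because the format Bastion expects is not stated here.

```shell
#!/usr/bin/env bash
# Added example (not Bastion's own tooling). The service account name and
# the project IDs below are constructed placeholders.
set -e

SA_NAME="bastion-audit"                           # assumption: any valid SA ID
ROLES="roles/iam.securityReviewer roles/viewer"   # roles listed in step 2
PROJECTS="${PROJECTS:-prod-api-example prod-data-example}"  # constructed IDs

# Print the command when DRY_RUN=1 (default, for review only);
# execute it when DRY_RUN=0.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Create one dedicated service account in the project, bind both roles at
# project level, then list the roles the account actually holds there.
setup_project() {
  project="$1"
  # GCP project IDs: 6-30 chars, lowercase letters, digits, hyphens.
  if ! printf '%s' "$project" | grep -Eq '^[a-z][a-z0-9-]{4,28}[a-z0-9]$'; then
    echo "invalid project ID: $project" >&2
    return 1
  fi
  member="serviceAccount:${SA_NAME}@${project}.iam.gserviceaccount.com"

  run gcloud iam service-accounts create "$SA_NAME" --project="$project" \
    --display-name="$SA_NAME"
  for role in $ROLES; do
    run gcloud projects add-iam-policy-binding "$project" \
      --member="$member" --role="$role"
  done
  # Verification: the output should be exactly the two roles bound above.
  run gcloud projects get-iam-policy "$project" \
    --flatten="bindings[].members" \
    --filter="bindings.members:$member" \
    --format="value(bindings.role)"
}

for p in $PROJECTS; do
  setup_project "$p"
done
```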

Best practice is to integrate all production-related projects to ensure comprehensive security coverage of your production environment.