diff --git a/docs/platform-services/automation-service/app-central/integrations/google-cloud-run.md b/docs/platform-services/automation-service/app-central/integrations/google-cloud-run.md index 49e3d246cb..81ae849e24 100644 --- a/docs/platform-services/automation-service/app-central/integrations/google-cloud-run.md +++ b/docs/platform-services/automation-service/app-central/integrations/google-cloud-run.md @@ -16,9 +16,9 @@ Google Cloud Run is a fully managed serverless platform that lets you run statel * **List Services** (*Enrichment*) - List all Cloud Run services in a project and region to inventory what is currently running. * **Get Service** (*Enrichment*) - Retrieve configuration and metadata for a specific Cloud Run service including its URL, revision, and status. -* **Add Member To Role** (*Containment*) - Add a member (user, service account, or group) to a specific IAM role on a Cloud Run service to grant invoke or admin access. -* **Remove Member From Role** (*Containment*) - Remove a member from a specific IAM role on a Cloud Run service to revoke access during incident response. -* **Update Service IAM Policy** (*Containment*) - Modify the IAM policy on a Cloud Run service to restrict or expand who can invoke it. +* **Add Member to Role** (*Containment*) - Add a member (user, service account, or group) to a specific IAM role on a Cloud Run service to grant invoke or admin access. +* **Remove Member from Role** (*Containment*) - Remove a member from a specific IAM role on a Cloud Run service to revoke access permissions. +* **Update IAM Policy** (*Containment*) - Modify the IAM policy on a Cloud Run service to restrict or expand who can invoke it. * **Delete Service** (*Containment*) - Permanently delete a Cloud Run service to decommission legacy or compromised workloads quickly. ## Google Cloud Run configuration 
@@ -43,7 +43,7 @@ To [create WIF credentials](https://cloud.google.com/iam/docs/workload-identity- 4. Click **ENABLED APIs AND SERVICES** and search for Cloud Resource Manager API, IAM Service Account Credentials API, Identity and Access Management (IAM) API, Security Token Service API, Cloud Run API, and enable them all. 5. Go to **IAM & Admin** > **Service Accounts** page. 6. Click **CREATE SERVICE ACCOUNT**. A [Service Account](https://cloud.google.com/iam/docs/service-accounts-create) is required to access Google Cloud Run. -7. While creating the service account, in **Permissions** add the roles **Service Account Token Creator**, **Cloud Run Admin**, and **Project IAM Admin**, then click **DONE**.
Add roles +7. While creating the service account, in **Permissions** add the roles **Service Account Token Creator** and **Cloud Run Admin**, then click **DONE**. If your organization prefers least-privilege access, you can create a custom role with only the following permissions instead of Cloud Run Admin: `run.services.list`, `run.services.get`, `run.services.getIamPolicy`, `run.services.setIamPolicy`, and `run.services.delete`.
Add roles 8. Go to **IAM & Admin** > **Workload Identity Federation** page.
Workload Identity Federation page 9. Click **CREATE POOL**, provide the details, and click **CONTINUE**.
Create pool page 10. Add **Provider details**. Select **AWS** as the provider type and provide the AWS Account ID supplied by Sumo Logic. Click **CONTINUE** and **SAVE**.
Provider details @@ -68,7 +68,7 @@ To [create service account credentials](https://developers.google.com/workspace/ 5. Click **CREATE CREDENTIALS** and select **Service Account**.
Select Service Accounts 6. Enter a service account name to display in the Google Cloud console. The Google Cloud console generates a service account ID based on this name. 7. (Optional) Enter a description of the service account. -8. Skip two optional grant permissions steps and click **Done** to complete the service account creation.
Complete service account creation +8. In the **Grant this service account access to project** step, add the role **Cloud Run Admin**, then click **DONE** to complete the service account creation. If your organization prefers least-privilege access, you can create a custom role with only the following permissions instead of Cloud Run Admin: `run.services.list`, `run.services.get`, `run.services.getIamPolicy`, `run.services.setIamPolicy`, and `run.services.delete`.
Complete service account creation 9. Click on the generated service account to open the details.
Generated service account details 10. Under the **KEYS** tab, click **ADD KEY** and choose **Create new key**.
Create a new key 11. Click **CREATE** (make sure **JSON** is selected).
Click on Create diff --git a/docs/platform-services/automation-service/app-central/integrations/google-compute-engine.md b/docs/platform-services/automation-service/app-central/integrations/google-compute-engine.md new file mode 100644 index 0000000000..5631e5a5fb --- /dev/null +++ b/docs/platform-services/automation-service/app-central/integrations/google-compute-engine.md 
@@ -0,0 +1,109 @@ +--- +title: Google Compute Engine +description: '' +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +google + +***Version: 1.0 +Updated: June 5, 2026*** + +Google Compute Engine is a scalable, high-performance virtual machine infrastructure service on Google Cloud that lets you create and manage VMs, persistent disks, and related compute resources programmatically. + +## Actions + +* **Add Member to Role** (*Containment*) - Add a member (user, service account, or group) to a specific IAM role on a Compute Engine instance to grant access permissions. +* **Create Disk Snapshot** (*Notification*) - Create a snapshot of a persistent disk attached to an instance. +* **Delete Instance** (*Containment*) - Permanently delete a Compute Engine virtual machine instance. +* **Get Instance** (*Enrichment*) - Retrieve detailed information about a specific virtual machine instance. +* **List Instances** (*Enrichment*) - List all virtual machine instances within a project and zone. +* **Remove Member from Role** (*Containment*) - Remove a member from a specific IAM role on a Compute Engine instance to revoke access permissions. +* **Restore Disk from Snapshot** (*Notification*) - Create a new persistent disk from an existing snapshot. +* **Start Instance** (*Containment*) - Start a stopped virtual machine instance. +* **Stop Instance** (*Containment*) - Stop a running virtual machine instance. +* **Update IAM Policy** (*Containment*) - Update the IAM access control policy for a Compute Engine resource. +* **Check Operation Status** (*Scheduled*) - Poll the status of a long-running operation until it reaches completion. Use this action after asynchronous operations such as stopping, starting, or deleting an instance, creating a disk snapshot, or restoring a disk from a snapshot to confirm the operation has finished. 
+ +## Google Compute Engine Authentication Configuration + +Our Google Compute Engine integration supports two types of authentication: Service Account and WIF (Workload Identity Federation). We recommend using WIF since it is more secure and easier to manage. For more information, see [Workload Identity Federation](https://cloud.google.com/iam/docs/workload-identity-federation). + +## Required AWS details from Sumo Logic + +To configure the Google Compute Engine integration using WIF authentication, you need the following AWS details from Sumo Logic. These details are essential for setting up the Workload Identity Federation (WIF) credentials in Google Cloud: +* Deployment name is the unique name of your Sumo Logic [deployment](/docs/api/about-apis/getting-started/#documentation), for example, `dub`, `fra`, etc. +* Sumo Logic AWS account ID: `926226587429` +* Sumo Logic AWS role: `-csoar-automation-gcpcompute` +* Sumo Logic AWS Lambda function: `-csoar-automation-gcpcompute` +* Full ARN: `arn:aws:sts::926226587429:assumed-role/-csoar-automation-gcpcompute/-csoar-automation-gcpcompute` + +### Workload Identity Federation (WIF) authentication + +To [create WIF credentials](https://cloud.google.com/iam/docs/workload-identity-federation) in Google Cloud needed to configure the Google Compute Engine integration, follow these steps: +1. Log in to the [Google Cloud](https://console.cloud.google.com) portal. +2. Select a Google Cloud project (or create a new one). +3. Go to **API & Services**. +4. Click **ENABLED API AND SERVICES** and search for the following APIs, then enable them all: Cloud Resource Manager API, IAM Service Account Credentials API, Identity and Access Management (IAM) API, Security Token Service API, and Compute Engine API. +5. Go to **IAM & Admin** > **Service Accounts**. +6. Click **CREATE SERVICE ACCOUNT**. A [service account](https://cloud.google.com/iam/docs/service-accounts-create) is required to access Google Compute Engine. +7. 
While creating the service account, in **Permissions** add the roles **Service Account Token Creator** and **Compute Admin**, then click **DONE**. If your organization prefers least-privilege access, you can create a custom role with only the following permissions instead of Compute Admin: `compute.instances.get`, `compute.instances.list`, `compute.instances.delete`, `compute.instances.start`, `compute.instances.stop`, `compute.instances.getIamPolicy`, `compute.instances.setIamPolicy`, `compute.disks.createSnapshot`, `compute.snapshots.create`, `compute.disks.create`, and `compute.snapshots.useReadOnly`.
Service Account Token Creator and Compute Admin +8. Go to **IAM & Admin** > **Workload Identity Federation**.
Workload Identity Federation +9. Click **CREATE POOL**, provide the details, and click **CONTINUE**.
Create pool +10. Add **Provider details**. Select **AWS** as the provider type and provide the AWS Account ID supplied by Sumo Logic. Click **CONTINUE** and **SAVE**.
Provide details of AWS Account ID +11. Confirm the created pool and provider.
Created pool and provider +12. Build a principal name to configure in Sumo Logic. The format is: `principalSet://iam.googleapis.com/projects/{YourProjectID}/locations/global/workloadIdentityPools/{YourPoolName}/attribute.aws_role/arn:aws:sts::{SumoAWSAccountID}:assumed-role/{SumoAWSRole}/{SumoAWSLambdaFunction}`. +13. Go to **IAM & Admin** > **IAM** and click **Grant Access** to add a new principal. +14. In the **New principals** field, enter the principal name from the previous step and select the role **Workload Identity User**. Click **SAVE**.
Workload Identity User role +15. Go to **IAM & Admin** > **Workload Identity Federation** and select the pool created above. +16. Click **Grant Access** > **Grant access using service account impersonation**. +17. Select the service account created above, set the principal as `aws_role`, and provide the ARN `arn:aws:sts::{SumoAWSAccountID}:assumed-role/{SumoAWSRole}`. Click **SAVE**.
Provide ARN +18. Again click **Grant Access** > **Grant access using service account impersonation**. Select the same service account, set the principal as `aws_role`, and provide the ARN `arn:aws:sts::{SumoAWSAccountID}:assumed-role/{SumoAWSRole}/{SumoAWSLambdaFunction}`. Click **SAVE**. +19. Download the WIF `conf.json` file. Keep it in a safe place. Use the JSON content to configure the Google Compute Engine integration to use WIF authentication in Automation Service and Cloud SOAR. + +### Service Account authentication + +To [create service account credentials](https://developers.google.com/workspace/guides/create-credentials) in Google Cloud needed to configure the Google Compute Engine integration, follow these steps: + +1. Log in to the [Google Cloud](https://console.cloud.google.com) portal. +2. Select a Google Cloud project (or create a new one). +3. Go to **API & Services** > **Credentials**. +4. Click **ENABLED API AND SERVICES**, search for Compute Engine API, and enable it. +5. Click **CREATE CREDENTIALS** and select **Service Account**.
Select Service Account +6. Enter a service account name. The Google Cloud console generates a service account ID based on this name. +7. (Optional) Enter a description of the service account. +8. In the **Grant this service account access to project** step, add the role **Compute Admin**, then click **DONE** to complete the service account creation. If your organization prefers least-privilege access, you can create a custom role with only the following permissions instead of Compute Admin: `compute.instances.get`, `compute.instances.list`, `compute.instances.delete`, `compute.instances.start`, `compute.instances.stop`, `compute.instances.getIamPolicy`, `compute.instances.setIamPolicy`, `compute.disks.createSnapshot`, `compute.snapshots.create`, `compute.disks.create`, and `compute.snapshots.useReadOnly`.
Complete service account creation +9. Click the generated service account to open the details.
Service account details +10. Under the **KEYS** tab, click **ADD KEY** and choose **Create new key**.
Create new key +11. Click **CREATE** (make sure **JSON** is selected).
Click on Create +12. The JSON file is downloaded. Keep it in a safe place. + +## Configure Google Compute Engine in Automation Service and Cloud SOAR + +import IntegrationsAuth from '../../../../reuse/integrations-authentication.md'; +import IntegrationCertificate from '../../../../reuse/automation-service/integration-certificate.md'; +import IntegrationEngine from '../../../../reuse/automation-service/integration-engine.md'; +import IntegrationLabel from '../../../../reuse/automation-service/integration-label.md'; +import IntegrationProxy from '../../../../reuse/automation-service/integration-proxy.md'; +import IntegrationTimeout from '../../../../reuse/automation-service/integration-timeout.md'; + + +* +* **Private Key Json**. Provide the content of the JSON file generated [above](#google-compute-engine-authentication-configuration). Open the file and copy-paste the whole content in the field. + +* **WIF Private Key Json**. Provide the content of the Workload Identity Federation JSON file generated [above](#google-compute-engine-authentication-configuration). Open the file and copy-paste the whole content in the field. + +* **Project ID**. Provide the Google Cloud Project ID where the Compute Engine actions will be performed. + +* **Zone**. Provide the default Google Cloud zone (for example, `us-central1-a`) where your Compute Engine instances reside. +* +* + +Google Compute Engine configuration + +For information about Google Compute Engine, see [Google Compute Engine documentation](https://cloud.google.com/compute/docs). + +## Change Log + +* June 5, 2026 (v1.0) - First upload 
diff --git a/static/img/platform-services/automation-service/app-central/integrations/google-compute-engine/google-compute-engine.png b/static/img/platform-services/automation-service/app-central/integrations/google-compute-engine/google-compute-engine.png new file mode 100644 index 0000000000..69ce9be3d4 Binary files /dev/null and b/static/img/platform-services/automation-service/app-central/integrations/google-compute-engine/google-compute-engine.png differ
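Review bot: In the google-cloud-run.md hunk at `@@ -16,9 +16,9 @@`, renaming the displayed action "Update Service IAM Policy" to "Update IAM Policy" (and the case change in "Add Member to Role" / "Remove Member from Role") only helps if the integration's own action names changed with it; please confirm the rename shipped in the integration, otherwise the docs now disagree with what operators see in the UI. The rewritten "Remove Member from Role" line also drops "during incident response", which was the one phrase explaining why that action is classed as *Containment*; "to revoke access permissions" is less specific, so consider keeping the original wording.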
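Review bot: In the google-cloud-run.md hunk at `@@ -43,7 +43,7 @@`, dropping **Project IAM Admin** from step 7 is the right call since every listed action only touches service-level policy, but the hunk gives no migration note: service accounts created under the earlier guidance keep a project-wide IAM-admin role the integration no longer needs, so add a sentence telling existing operators to revoke it. It would also help to say that `run.services.setIamPolicy` in the suggested custom role is still a privilege-granting permission (it changes who may invoke or administer any Cloud Run service in the project), so the "least-privilege" wording should not suggest the custom role makes the account low-risk; scoping the binding to the services or regions the playbooks act on is the stronger recommendation.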
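Review bot: In the google-cloud-run.md hunk at `@@ -68,7 +68,7 @@`, the custom-role sentence added to step 8 is a verbatim copy of the one added to step 7 of the WIF section; the page already imports shared snippets from `../../../../reuse/`, so consider moving this sentence into one so the two permission lists cannot drift apart. Step 8 should also state that a role granted in the **Grant this service account access to project** step applies project-wide, since that is the scope readers are accepting when they pick **Cloud Run Admin** here.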
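Review bot: In the new google-compute-engine.md file (hunk `@@ -0,0 +1,109 @@`), the least-privilege custom role listed in steps 7 and 8 omits the permission that **Check Operation Status** needs: reading a zonal operation requires `compute.zoneOperations.get` (and `compute.globalOperations.get` / `compute.regionOperations.get` for non-zonal operations), so an operator who follows the custom-role advice will have every follow-up poll after stop, start, delete, snapshot or restore fail while the operation itself succeeds; add it to both lists. Further points in the same hunk: the principal format in step 12 uses `{YourProjectID}`, but Workload Identity Federation principal identifiers (`principalSet://iam.googleapis.com/projects/.../locations/global/workloadIdentityPools/...`) take the numeric project number, not the project ID, so the placeholder and its description should say so; in **Required AWS details from Sumo Logic**, the role, the Lambda function and the full ARN all begin with a bare hyphen (`-csoar-automation-gcpcompute`) while the first bullet defines a deployment name that nothing then uses, which looks like a placeholder lost before the hyphen, so please confirm the intended value; **Create Disk Snapshot** and **Restore Disk from Snapshot** are tagged *Notification*, which does not match what they do (the other resource-changing actions are *Containment*, and snapshotting a disk is typically done for preservation or recovery); the configuration section lists both **Private Key Json** and **WIF Private Key Json** without saying that only the field matching the chosen authentication method should be filled; and step 4 of both procedures says **ENABLED API AND SERVICES** where the Cloud Run page says **ENABLED APIs AND SERVICES**, so pick one label.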