Users can choose to configure Lacework for AWS Config during initial setup or at any time using the Lacework UI. During initial setup, the option to configure Lacework for AWS Config follows the option to configure Lacework for AWS CloudTrail. From the UI, users can navigate to Integrations > AWS Config.
Using either method, you will land on the same Add AWS Config page.
1. To Start
To configure Lacework for AWS Config, click the [+ Add Integration] button.
2. Choose an Integration Method
After clicking [Next], you will be directed to the Add AWS Config page. To audit AWS Config, Lacework will create a least-privilege IAM role. To grant Lacework permission to create this role, you will need to log in to your AWS account as a user with administrator credentials. The integration will fail if you do not have the required credentials.
As administrator, you have two options to configure Lacework for AWS Config: using a Lacework script, or configuring it manually.
Option 1: [Click Here to Configure Directly in AWS Config] requires fewer steps and less user input. For this option, please disable your browser pop-up blocker.
Option 2: [Download AWS Config Template] requires more user input.
After you configure your AWS account to allow Lacework, you will need to return to the Lacework UI to finish the integration.
3. Click on the Chosen Integration Method
Option 1: Click the [Click Here to Configure Directly in AWS Config] button.
You will be redirected to the AWS Create stack - Select Template page. The Lacework script populates the 'Specify an Amazon S3 template URL' field for you.
- After reviewing the page, click the [Next] button.
Option 2: Click the [Download AWS Config Template] button.
- Download the template locally.
- Log in to your AWS account.
- Select the CloudFormation service and click the [Create New Stack] button, which will bring you to the Create stack > Select Template page.
- Upload the Lacework template and click the [Next] button.
For more information on Selecting a Stack Template, please refer to the AWS Documentation library.
4. Specify Details
You should now be on the Create Stack - Specify Details page.
- Create a Stack name [for example, Lacework-AWS-Config] or use the default.
- Resource name prefix is populated with the account name of the first account configured to use Lacework for AWS Config if the direct configuration method was chosen. When adding accounts, you can select to keep this prefix or enter a different prefix to ensure account uniqueness. If you chose to upload the template during initial installation, Resource name prefix will be empty. Enter a prefix such as account name.
- Lacework populates the ExternalID, but you can change it if you follow a defined naming policy.
After completing the above, click the [Next] button.
5. Options
You should now be on the Create stack - Options page, which requires no changes. Click the [Next] button.
6. Review
You should now be on the Create stack - Review page.
- Check the 'I acknowledge that AWS CloudFormation might create IAM resources with custom names' box.
- Click the [Create] button.
7. CloudFormation page
After clicking [Create], you will be redirected back to the CloudFormation page. If you do not see your new stack in the stack table, refresh the page. Select your stack to see the event log as it is being created. When the stack status is 'CREATE_COMPLETE', select the Outputs tab located below the stack table.
8. Outputs tab
Copy the values from the ExternalID and RoleARN fields into a text editor for use below.
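Before handing the RoleARN and ExternalID to Lacework, it is worth confirming that the new role's trust policy only allows the expected account to assume it and actually enforces the ExternalID (the condition that prevents a confused-deputy use of the role). The check below is an added example, not Lacework's code or template; it runs offline on constructed trust-policy documents, and the account ID and ExternalID in them are placeholders. In practice you would feed it the real document returned by `aws iam get-role`.

```python
import json

# Constructed samples (not Lacework's real template or values): the first
# trust policy is what a correctly created cross-account audit role should
# carry; the second is a weak variant with an open principal and no
# ExternalID condition. Account ID and ExternalID are placeholders.
GOOD_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}},
    }],
})
WEAK_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}],
})

def _as_list(value):
    """IAM allows a single string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy_json, expected_principal, expected_external_id):
    """Return a list of findings for every Allow statement that grants
    sts:AssumeRole; an empty list means each grant is limited to the expected
    principal and requires the expected sts:ExternalId."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in _as_list(stmt.get("Action", []))):
            continue
        principal = stmt.get("Principal", {})
        principals = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for p in principals:
            if p != expected_principal:
                findings.append(f"statement {i}: trusts unexpected principal {p!r}")
        ext_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext_id is None:
            findings.append(f"statement {i}: no sts:ExternalId condition (confused-deputy risk)")
        elif ext_id != expected_external_id:
            findings.append(f"statement {i}: sts:ExternalId does not match the Outputs tab value")
    return findings

if __name__ == "__main__":
    for finding in check_trust_policy(WEAK_TRUST_POLICY, "arn:aws:iam::111111111111:root", "EXAMPLE-EXTERNAL-ID"):
        print(finding)
```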
9. Complete the Lacework AWS Integration Form
You can now return to the Lacework UI to complete the installation.
- Choose a name and enter the values from the Outputs tab.
- Click the [Save] button.
Lacework will now begin to receive your AWS Config data for analysis. You can now continue the onboarding process or return to the Lacework UI.