This topic describes how to configure a Lacework GCP Compliance Integration manually using the GCP Console and the Lacework Console.
Create a GCP Service Account and Grant Access
Follow the procedure provided in Create a GCP Service Account and Grant Access.
Enable the Required GCP APIs
When you manually create a GCP Compliance Integration, you must enable APIs for the GCP projects you want to integrate with. Follow the procedure provided in Enable the Required GCP APIs.
Create the GCP Compliance Integration on the Lacework Console
When creating a GCP integration, you need a system with the jq utility installed. The jq utility is a flexible command-line JSON processor. For more information, see https://stedolan.github.io/jq/.
Finish the creation of the integration using the Lacework Console as described by the following steps.
- Verify that the jq (command-line JSON processor) utility is available from your command-line shell.
If the jq utility is found, skip to the next step. If the jq utility is not installed or not listed in your PATH, install it (https://stedolan.github.io/jq/) and verify that the path to the utility is listed in your PATH environment variable.
The jq utility is required for some of the steps in the following procedure.
- Find the JSON file downloaded when you created the GCP Service Account.
- Open the file in an editor and leave it open.
- Log in to the Lacework Console.
- Select Settings > Integrations.
- Select INCOMING > GCP.
- Click + ADD INTEGRATION.
- In the Name field, enter a unique name for the integration.
- Copy the value of the client_id property from the JSON file and paste the value into the Client ID field of the Lacework Console.
- Copy the value of the private_key_id property from the JSON file and paste the value into the Private Key ID field of the Lacework Console.
- Copy the value of the client_email property from the JSON file and paste the value into the Client Email field of the Lacework Console.
- You cannot copy the private key directly from the editor because the newline characters do not copy correctly. Instead, copy a raw version of the key using the jq utility.
- Open a new command-line window on your system and browse to the directory that contains the JSON file.
- Get the name of the JSON file by listing the contents of the directory (for example, with ls), and then enter the following command:
cat your_file_name.json | jq -r '.private_key'
- Copy all the text displayed in the output including the following lines:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
- Paste the text into the Private Key field of the Lacework Console.
- From the Integration Level drop-down, select ORGANIZATION or PROJECT. Select ORGANIZATION if integrating at the organization level. Select PROJECT if integrating at the project level.
- Copy the appropriate ID value for your integration type:
- If you are integrating at the project level, copy the value of the project_id property from the JSON file into the Org/Project ID field of the Lacework Console.
- If you are integrating at the organization level, log in to the GCP console. Click the down arrow in the top menu bar. From the Select from drop-down, select an organization that contains the GCP project(s) that you want the integration to monitor.
Select IAM & admin > Settings and copy the number from the Organization ID field and paste the value into the Org/Project ID field of the Lacework Console.
- Click Save. In Settings > INCOMING, a new integration displays.
- When the integration is complete and successful, the status changes to Integration Successful.
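The field-copying steps above can be done in one pass with jq. The following script is an added example, not part of the Lacework or GCP tooling. Its function names are hypothetical and the sample key file it can write contains constructed placeholder values. It relies on the "type": "service_account" property that GCP key files carry, and it confirms that jq -r turned the \n escapes stored in the JSON into real line breaks before printing the key.

```shell
#!/usr/bin/env bash
# Added example: print the values the Lacework Console form asks for from a
# GCP service account key file. All function names here are hypothetical.

# Print one top-level property decoded (-r); -e makes jq fail if it is absent.
key_field() {   # usage: key_field FILE PROPERTY
  jq -er --arg p "$2" '.[$p] // empty' "$1"
}

# Succeed only if the decoded key is multi-line PEM, i.e. the \n escapes
# in the JSON string became real newlines between the BEGIN and END lines.
check_private_key() {   # usage: check_private_key FILE
  local pem
  pem=$(key_field "$1" private_key) || return 1
  [ "$(printf '%s\n' "$pem" | head -n 1)" = "-----BEGIN PRIVATE KEY-----" ] &&
  [ "$(printf '%s\n' "$pem" | tail -n 1)" = "-----END PRIVATE KEY-----" ] &&
  [ $(printf '%s\n' "$pem" | wc -l) -ge 3 ]
}

# Print every value the form needs, labelled with the console field name.
console_fields() {   # usage: console_fields FILE
  local f=$1
  [ "$(key_field "$f" type)" = "service_account" ] || { echo "not a service account key: $f" >&2; return 1; }
  check_private_key "$f" || { echo "private_key did not decode to PEM" >&2; return 1; }
  printf 'Client ID: %s\n'      "$(key_field "$f" client_id)"
  printf 'Private Key ID: %s\n' "$(key_field "$f" private_key_id)"
  printf 'Client Email: %s\n'   "$(key_field "$f" client_email)"
  printf 'Org/Project ID (project level): %s\n' "$(key_field "$f" project_id)"
  printf 'Private Key:\n%s\n'   "$(key_field "$f" private_key)"
}

# Constructed sample (placeholder values, not a real key) in the shape of a
# downloaded key file: the PEM line breaks are stored as \n escapes.
write_sample_key() {   # usage: write_sample_key FILE
  cat > "$1" <<'EOF'
{
  "type": "service_account",
  "project_id": "example-project",
  "private_key_id": "0123456789abcdef",
  "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER-NOT-A-KEY\n-----END PRIVATE KEY-----\n",
  "client_email": "lacework@example-project.iam.gserviceaccount.com",
  "client_id": "100000000000000000000"
}
EOF
}

# Run as: ./script.sh your_file_name.json
if [ $# -gt 0 ]; then console_fields "$1"; fi
```

For an organization-level integration, the Org/Project ID still comes from the GCP console as described in the steps, not from the key file.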