This topic describes how to configure a Lacework GCP compliance integration manually using the GCP Console and the Lacework Console.
Create a GCP Service Account and Grant Access
Follow the procedure provided in Create a GCP Service Account and Grant Access.
Enable the Required GCP APIs
When you manually create a GCP compliance integration, you must enable APIs for the GCP projects you want to integrate with. Follow the procedure provided in Enable the Required GCP APIs.
Create the GCP Compliance Integration on the Lacework Console
Creating a GCP integration requires a system with the jq utility installed. The jq utility is a flexible command-line JSON processor. For more information, see https://stedolan.github.io/jq/.
Finish the creation of the integration using the Lacework Console as described by the following steps.
-
Verify that the jq (command-line JSON processor) utility is available from your command-line shell. Leave this command-line window open.
$ jq
-
If the jq utility is found, skip to the next step. If the jq utility is not installed or not listed in your PATH, install it (https://stedolan.github.io/jq/ and verify that the path to the utility is listed in your PATH environment variable. The jq utility is required for some steps in the following procedure.
- Find the JSON file downloaded when you created the GCP Service Account.
- Open the file in an editor and leave it open.
- Log in to the Lacework Console.
- Select Settings > Integrations.
- Select INCOMING > GCP.
- Click + ADD INTEGRATION.
- In the Name field, enter a unique name for the integration.
- Copy the value of the client_id property from the JSON file and paste the value into the Client ID field of the Lacework Console.
- Copy the value of the private_key_id property from the JSON file and paste the value into the Private Key ID field of the Lacework Console.
- Copy the value of the client_email property from the JSON file and paste the value into the Client Email field of the Lacework Console.
- Exit the editor.
- You cannot just copy the private key from the editor because of an issue with copying the new line characters. You must copy a raw version of the key using the “jq” utility as described in the following steps.
- To view the raw text of the private key, enter the following command, where your_file_name.json is the name of the file downloaded when you created the GCP Service Account.
$ cat your_file_name.json | jq -r '.private_key'
- Copy all the text displayed in the output including the BEGIN and END lines.
-----BEGIN PRIVATE KEY----- your_keyinfo -----END PRIVATE KEY-----
- Paste the text into the Private Key field of the Lacework Console.
- From the Integration Level drop-down, select the ORGANIZATION or PROJECT. Select ORGANIZATION if integrating at the organization level. Select PROJECT if integrating at the project level.
- Copy the appropriate ID value for your integration type:
- If integrating at the project level, copy the value of the project_id property from the JSON file into the Org/Project ID field of the Lacework Console.
- If integrating at the organization level, log in to the GCP console. Click the down arrow in the top menu bar. From the Select from the drop-down, select an organization that contains the GCP project(s) that you want the integration to monitor. Select IAM & admin > Settings and copy the number from the Organization ID field and paste the value into the Org/Project ID field of the Lacework Console.
- Click Save. In Settings > INCOMING, a new integration displays.
- When the integration is complete and successful, the status changes to Integration Successful.