When you create a GCP Compliance integration or GCP Audit Log integration manually, you must enable APIs for the GCP projects you want to integrate with. When you create a GCP Compliance integration using the Lacework-provided Python script, the script enables these APIs. Skip this procedure if you created the GCP Compliance integration using a Lacework Python script.
Even if you are integrating at the organization level, you must enable some of the APIs listed in the table below for each project in your organization that you want to integrate with. Below the table are instructions for enabling the APIs.
API Name | API URL | Required? |
---|---|---|
Identity and Access Management (IAM) API | iam.googleapis.com | Required for all projects |
Cloud Resource Manager API | cloudresourcemanager.googleapis.com | Required for all projects |
Cloud Key Management Service (KMS) API | cloudkms.googleapis.com | Required only if you want the integration to report on this functionality for this project |
Compute Engine API | compute.googleapis.com | Required only if you want the integration to report on this functionality for this project |
Cloud DNS API | dns.googleapis.com | Required only if you want the integration to report on this functionality for this project |
Stackdriver Monitoring API | monitoring.googleapis.com | Required only if you want the integration to report on this functionality for this project |
Stackdriver Logging API | logging.googleapis.com | Required only if you want the integration to report on this functionality for this project |
Cloud Storage | storage-component.googleapis.com | Required only if you want the integration to report on this functionality for this project |
Service Usage API | serviceusage.googleapis.com | Required only if you want the integration to report on this functionality for this project |
Kubernetes Engine API | container.googleapis.com | Required only if you want the integration to report on this functionality for this project |
For each GCP project that you want to integrate with Lacework, enable each of the APIs listed in the above table by repeating the following steps:
- Log in to the GCP Console and click
.
- Select APIs & Services > Library.
- In the Search for APIs & Services field, enter the API URL listed in the table above, such as iam.googleapis.com.
- Click on the result that matches the API name listed above, such as Identity and Access Management (IAM) API.
- Click ENABLE.
- If you are prompted to enable billing, click ENABLE BILLING.
- Repeat these steps for each GCP project that you want to integrate with and enable all APIs listed in the above table.
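
The same per-project check can be done from the command line. The script below is an added example, not the Lacework-provided script: it reports which APIs from the table are not yet enabled in each project and enables them only when asked, so optional APIs are not switched on by default. It assumes the `gcloud` CLI is installed and authenticated; the `APPLY` and `OPTIONAL` variables and the function names are hypothetical names chosen for this example.

```shell
#!/usr/bin/env bash
# Added example (not Lacework's script): check the APIs from the table per project.
# Usage: [APPLY=1] [OPTIONAL="dns.googleapis.com ..."] ./check_apis.sh PROJECT_ID...
# APPLY and OPTIONAL are names invented for this example.

# Required for all projects, per the table.
REQUIRED_APIS="iam.googleapis.com cloudresourcemanager.googleapis.com"
# Optional APIs: list only those whose functionality you want reported on.
OPTIONAL_APIS="${OPTIONAL:-}"

# missing_apis WANTED: reads enabled API names (one per line) on stdin and
# prints each name in WANTED that is not among them, one per line.
missing_apis() {
  local wanted="$1" enabled api
  enabled="$(cat)"
  for api in $wanted; do
    # -x and -F: whole-line, literal match, so a longer name never counts.
    printf '%s\n' "$enabled" | grep -qxF -- "$api" || printf '%s\n' "$api"
  done
}

# process_project PROJECT_ID: report the gaps, enable them only if APPLY=1.
process_project() {
  local project="$1" enabled missing
  enabled="$(gcloud services list --enabled --project="$project" \
    --format='value(config.name)')" || {
    echo "$project: cannot list enabled APIs" >&2
    return 1
  }
  missing="$(printf '%s\n' "$enabled" | missing_apis "$REQUIRED_APIS $OPTIONAL_APIS")"
  if [ -z "$missing" ]; then
    echo "$project: all requested APIs are enabled"
    return 0
  fi
  echo "$project: not enabled:" $missing
  if [ "${APPLY:-0}" = "1" ]; then
    # Word splitting is intended: one argument per API name.
    gcloud services enable $missing --project="$project"
  fi
}

# Run only when project IDs are given on the command line.
if [ "$#" -gt 0 ]; then
  for project in "$@"; do
    process_project "$project" || exit 1
  done
fi
```

Run it without `APPLY=1` first to review what would change in each project.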