Configuring audit event archiving through the UI
To configure archiving for GCP, you must create a GCP service account specifically for audit event archiving, download the service account private key in JSON format, and then upload the service account private key to CDP.
Required Role: PowerUser
- Log in to the CDP interface.
- In the left-side navigation menu, click Create. and then click
- Select the GCP icon.
- Copy the script provided into your terminal or Google Cloud Shell to create a new service account and generate the service account private key. When the script finishes running, it begins a download of the service account private key.
- When you have finished creating the new service account and have the service account private key, click Upload file on the Create Audit Credential page in CDP to upload the private key JSON to CDP.
- Click Create Credential.
- After the credential has been created, you must configure the audit data location. In the Storage location field, provide the full path to the GCS bucket that you created or designated to be the audit log bucket.
- Select the bucket region, then decide whether or not to export the audit logs to the configured storage location. You can also verify the configuration before saving.
- Click Save Configuration.