To configure audit event archiving for GCP, you must create a GCP service account dedicated
to audit event archiving, download the service account private key in JSON format, and then
upload that private key to CDP. The key file is a long-lived credential: restrict its file
permissions and delete the local copy once it has been uploaded.
In GCP, create a new GCS bucket or designate an existing bucket
for audit archiving. Be sure to block all public access to the bucket. Audit events are archived under
the /cdp/cp folder, which CDP creates automatically.

Required Role: PowerUser
- Log in to the CDP interface.
- In the left-side navigation menu, click and then click Create.
- Select the GCP icon.
- Copy the script provided into your terminal or Google Cloud Shell to create a new
service account and generate the service account private key.
When the script finishes running, it begins a download of the service
account private key.
- When you have finished creating the new service account and have the service
account private key, click Upload file on the Create
Audit Credential page in CDP to upload the private key JSON to
CDP.
- Click Create Credential.
- After the credential has been created, you must configure the audit data location.
In the Storage location field, provide the full path to the GCS
bucket that you created or designated to be the audit log bucket.
- Select the bucket region, then choose whether to export the audit logs to
the configured storage location. You can also verify the configuration before
saving.
- Click Save Configuration.
Audit event archiving configuration is complete.
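The GCP-side preparation above (a dedicated service account, its JSON key, and a bucket with public access blocked) can be scripted. The following is an added example and is not the script CDP provides; it uses the standard gcloud and gsutil commands. PROJECT_ID, SA_NAME, BUCKET, REGION and KEY_FILE are placeholder values, and the IAM role it grants (roles/storage.objectAdmin, bound to the bucket only rather than project-wide) is an assumption about what CDP needs, not a requirement stated on this page. The validate_key_file function runs offline against the downloaded key and is what you would run before the Upload file step; provisioning only runs when RUN_PROVISION=1 is set.

```shell
#!/bin/sh
# Added example, not Cloudera's script. Values below are placeholders.
set -eu

PROJECT_ID="${PROJECT_ID:-my-gcp-project}"   # assumption
SA_NAME="${SA_NAME:-cdp-audit-archiver}"     # assumption
BUCKET="${BUCKET:-my-cdp-audit-logs}"        # assumption
REGION="${REGION:-us-east1}"                 # assumption
SA_EMAIL="${SA_NAME}@${PROJECT_ID}.iam.gserviceaccount.com"
KEY_FILE="${KEY_FILE:-${SA_NAME}-key.json}"

# Sanity-check a downloaded key file before uploading it to CDP:
# it must be a service-account key (not a user credential), belong to the
# expected account, and actually contain private key material.
# Returns 0 when all checks pass, 1 otherwise.
validate_key_file() {
  file="$1"
  expected_email="$2"
  [ -f "$file" ] || { echo "missing key file: $file" >&2; return 1; }
  grep -q '"type": *"service_account"' "$file" \
    || { echo "not a service-account key: $file" >&2; return 1; }
  grep -q "\"client_email\": *\"$expected_email\"" "$file" \
    || { echo "client_email does not match $expected_email" >&2; return 1; }
  grep -q '"private_key": *"-----BEGIN PRIVATE KEY-----' "$file" \
    || { echo "no private key material in $file" >&2; return 1; }
  return 0
}

# Create the service account, a locked-down bucket, and the JSON key.
provision() {
  gcloud config set project "$PROJECT_ID"

  gcloud iam service-accounts create "$SA_NAME" \
    --display-name="CDP audit event archiving"

  # Uniform bucket-level access disables per-object ACLs; public access
  # prevention blocks allUsers/allAuthenticatedUsers grants outright.
  gcloud storage buckets create "gs://${BUCKET}" \
    --location="$REGION" \
    --uniform-bucket-level-access \
    --public-access-prevention

  # Grant write access on this bucket only (role choice is an assumption).
  gcloud storage buckets add-iam-policy-binding "gs://${BUCKET}" \
    --member="serviceAccount:${SA_EMAIL}" \
    --role="roles/storage.objectAdmin"

  # Generate the key CDP asks you to upload, and keep it owner-readable only.
  gcloud iam service-accounts keys create "$KEY_FILE" --iam-account="$SA_EMAIL"
  chmod 600 "$KEY_FILE"
  validate_key_file "$KEY_FILE" "$SA_EMAIL"

  # Confirm public access is blocked; expected output ends in "enforced".
  gsutil pap get "gs://${BUCKET}"
  echo "Storage location for CDP: gs://${BUCKET}"
}

# Only talk to GCP when explicitly asked; the checks above run offline.
if [ "${RUN_PROVISION:-0}" = "1" ]; then
  provision
fi
```

After CDP confirms the upload, remove the local key file; if the key must be kept outside CDP for any reason, treat it like any other long-lived secret and rotate it with gcloud iam service-accounts keys create/delete rather than reusing it across environments.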