Configuring audit event archiving through the UI

To configure archiving for GCP, you must create a GCP service account specifically for audit event archiving, download the service account private key in JSON format, and then upload the service account private key to CDP.

In GCP, create a new GCS bucket or designate an existing bucket for audit archiving. Be sure to block all public access. Audit events will be archived under the /cdp/cp folder, which will be created automatically by CDP.

Required Role: PowerUser

  1. Log in to the CDP interface.
  2. In the left-side navigation menu, click Global Settings > Audit Data Configuration and then click Create.
  3. Select the GCP icon.
  4. Copy the script provided into your terminal or Google Cloud Shell to create a new service account and generate the service account private key.
    When the script finishes running, it begins a download of the service account private key.
  5. When you have finished creating the new service account and have the service account private key, click Upload file on the Create Audit Credential page in CDP to upload the private key JSON to CDP.
  6. Click Create Credential.
  7. After the credential has been created, you must configure the audit data location. In the Storage location field, provide the full path to the GCS bucket that you created or designated to be the audit log bucket.
  8. Select the bucket region, then decide whether to export the audit logs to the configured storage location. You can also verify the configuration before saving.
  9. Click Save Configuration.
Audit event archiving configuration is complete.
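The following shell script is an added example, not the script that CDP provides in step 4 and not Cloudera's code. It shows how the bucket and service account from the steps above can be provisioned with the gcloud CLI so that public access is blocked at creation time, and how to confirm the setting afterwards. The bucket name, region, project and service-account name are placeholders; the IAM role granted on the bucket (roles/storage.objectCreator) is an assumption and should be replaced with whatever role CDP's own script grants. Setting GCLOUD=echo runs the script as a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example (not Cloudera's script): provision a GCS bucket and a
# dedicated service account for CDP audit archiving with the gcloud CLI.
# Assumptions: all names are placeholders; GCLOUD may be overridden
# (e.g. GCLOUD=echo) to print the commands instead of running them.
GCLOUD="${GCLOUD:-gcloud}"

# Create the audit bucket with public access prevention enforced and
# uniform bucket-level access, so no object ACL can expose audit data.
create_audit_bucket() {
  bucket="$1"; region="$2"; project="$3"
  "$GCLOUD" storage buckets create "gs://$bucket" \
    --project="$project" \
    --location="$region" \
    --uniform-bucket-level-access \
    --public-access-prevention
}

# Create a service account used only for audit archiving and grant it
# write access to the bucket. The role is an assumption for this example;
# use the role CDP's own script grants. Prints the service-account e-mail.
create_audit_service_account() {
  sa_name="$1"; project="$2"; bucket="$3"
  sa_email="$sa_name@$project.iam.gserviceaccount.com"
  "$GCLOUD" iam service-accounts create "$sa_name" \
    --project="$project" \
    --display-name="CDP audit archiving"
  "$GCLOUD" storage buckets add-iam-policy-binding "gs://$bucket" \
    --member="serviceAccount:$sa_email" \
    --role="roles/storage.objectCreator"
  echo "$sa_email"
}

# Generate the JSON private key for upload to CDP. The umask makes the
# file owner-readable only from the moment it is written; delete the
# local copy once it has been uploaded.
create_key() {
  sa_email="$1"; out="$2"
  ( umask 077; "$GCLOUD" iam service-accounts keys create "$out" \
      --iam-account="$sa_email" )
}

# Check the bucket after creation: prints "enforced" when public access
# prevention is on (field name as shown by gcloud storage buckets describe).
verify_bucket_locked_down() {
  bucket="$1"
  "$GCLOUD" storage buckets describe "gs://$bucket" \
    --format="value(public_access_prevention)"
}

# Usage (placeholders, run with a real project to provision resources):
#   create_audit_bucket cdp-audit-example us-central1 example-project
#   sa=$(create_audit_service_account cdp-audit-archiver example-project cdp-audit-example | tail -n 1)
#   create_key "$sa" ./cdp-audit-key.json
#   verify_bucket_locked_down cdp-audit-example
```

The service-account private key is the credential that CDP uses to write to the bucket, so treat the downloaded JSON like any other secret: keep it owner-readable only, upload it in step 5, and remove the local copy afterwards.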