Skip to content
/ terraform-gcp-pub-sub-audit-log Public

A Terraform Module to configuring an integration with Google Cloud Platform Pub Sub Audit Logs with Lacework for analysis.

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

lacework/terraform-gcp-pub-sub-audit-log

BranchesTags

Repository files navigation

terraform-gcp-pub-sub-audit-log

GitHub release Codefresh build status

A Terraform Module to configuring an integration with Google Cloud Platform Pub Sub Audit Logs with Lacework for analysis.

⚠️ - NOTE: When using an existing Service Account, Terraform cannot work out whether a role has already been applied. This means when running the destroy step, existing roles may be removed from the Service Account. If this Service Account is managed by another Terraform module, you can re-run apply on the other module and this will re-add the role.

Alternatively, it is possible to remove the offending roles from the state file before destroy, preventing the role(s) from being removed.

e.g. terraform state rm 'google_project_iam_binding.for_lacework_service_account'

Required Roles

roles/pubsub.publisher
roles/pubsub.subscriber

Required APIs

iam.googleapis.com
pubsub.googleapis.com
serviceusage.googleapis.com
cloudresourcemanager.googleapis.com

Requirements

Name Version
terraform >= 0.15.1
google >= 4.4.0
lacework ~> 2.0
time ~> 0.6

Providers

Name Version
google >= 4.4.0
lacework ~> 2.0
random n/a
time ~> 0.6

Modules

Name Source Version
lacework_al_ps_svc_account lacework/service-account/gcp ~> 2.0

Resources

Name Type
google_logging_folder_sink.lacework_folder_sink resource
google_logging_organization_sink.lacework_organization_sink resource
google_logging_project_sink.lacework_project_sink resource
google_logging_project_sink.lacework_root_project_sink resource
google_organization_iam_audit_config.organization_audit_logs resource
google_organization_iam_member.for_lacework_service_account resource
google_project_iam_audit_config.project_audit_logs resource
google_project_iam_member.for_lacework_service_account resource
google_project_service.required_apis resource
google_pubsub_subscription.lacework_subscription resource
google_pubsub_subscription_iam_binding.lacework resource
google_pubsub_topic.lacework_topic resource
google_pubsub_topic_iam_binding.topic_publisher resource
lacework_integration_gcp_pub_sub_audit_log.default resource
random_id.uniq resource
time_sleep.wait_time resource
google_folders.my-org-folders data source
google_project.selected data source
google_projects.my-org-projects data source
lacework_metric_module.lwmetrics data source

Inputs

Name Description Type Default Required
custom_filter Customer defined Audit Log filter which will supersede all other filter options when defined string "" no
existing_sink_name The name of an existing sink to be re-used for this integration string "" no
folders_to_exclude List of root folders to exclude in an organization-level integration. Format is 'folders/1234567890' list(string) [] no
folders_to_include List of root folders to include in an organization-level integration. Format is 'folders/1234567890' set(string) [] no
google_workspace_filter Filter out Google Workspace login logs from GCP Audit Log sinks. Default is true bool true no
include_root_projects Enables logic to include root-level projects if excluding folders. Default is true bool true no
integration_type Specify the integration type. Can only be PROJECT or ORGANIZATION. Defaults to PROJECT string "PROJECT" no
k8s_filter Filter out GKE logs from GCP Audit Log sinks. Default is true bool true no
labels Set of labels which will be added to the resources managed by the module map(string) {} no
lacework_integration_name n/a string "TF pub_sub_audit_log" no
organization_id The organization ID, required if integration_type is set to ORGANIZATION string "" no
prefix The prefix that will be use at the beginning of every generated resource string "lw-al-ps" no
project_id A project ID different from the default defined inside the provider string "" no
pubsub_subscription_labels Set of labels which will be added to the subscription map(string) {} no
pubsub_topic_labels Set of labels which will be added to the topic map(string) {} no
required_apis n/a map(any) 
{
  "iam": "iam.googleapis.com",
  "pubsub": "pubsub.googleapis.com",
  "resourcemanager": "cloudresourcemanager.googleapis.com",
  "serviceusage": "serviceusage.googleapis.com"
}
 no
service_account_name The Service Account name (required when use_existing_service_account is set to true) string "" no
service_account_private_key The private key in JSON format, base64 encoded (required when use_existing_service_account is set to true) string "" no
skip_create_lacework_integration Set this to true to skip creating the LW integration during GCPv1 to GCPv2 migration bool false no
use_existing_service_account Set this to true to use an existing Service Account bool false no
wait_time Amount of time to wait before the next resource is provisioned. string "10s" no

Outputs

Name Description
lacework_integration_guid GUID of the created Lacework integration
pubsub_subscription_name The PubSub subscription name
pubsub_topic_name The PubSub topic name
service_account_name The Service Account name
service_account_private_key The private key in JSON format, base64 encoded
sink_name The sink name

About

A Terraform Module to configuring an integration with Google Cloud Platform Pub Sub Audit Logs with Lacework for analysis.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

3 stars

Watchers

39 watching

Forks

0 forks
Report repository

Releases 11

v0.6.1 Latest
Nov 6, 2024
+ 10 releases

Packages

No packages published

Contributors 10

Languages