AWS Integration - Guided Configuration

This topic describes how to use guided configuration to integrate AWS with Lacework. Guided configuration is a wizard-like interface that takes your input and generates a script that downloads and sets up all necessary Lacework CLI and Terraform components to create the AWS integration non-interactively through AWS CloudShell. You can also choose to run the generated bundle from any host supported by Terraform.

Requirements

  • Ensure that you are deploying the integration to a supported AWS region.
  • The final step of guided configuration is to run the generated bundle from either AWS CloudShell or any Terraform-supported host. Ensure your environment meets the corresponding requirements.

From AWS CloudShell

  • AWS Account Admin - The account used to run Terraform must have administrative privileges on every AWS account you intend to integrate with Lacework.
  • Lacework Administrator - A Lacework account with administrator privileges.

From Any Supported Host

  • AWS Account Admin - The account used to run Terraform must have administrative privileges on every AWS account you intend to integrate with Lacework.
  • AWS CLI - The Terraform provider for AWS uses the AWS CLI's configuration, so it is recommended that the AWS CLI is installed and configured with API keys for the account being integrated.
  • Linux Tools - The following Linux tools must be installed and present on PATH: curl, Git, and unzip.
  • Lacework Administrator - A Lacework account with administrator privileges.

Follow these steps to integrate using guided configuration.

  1. Log in to the Lacework Console.
  2. Go to Settings > Integrations > Cloud accounts.
  3. Click + Add New.
  4. Click Amazon Web Services and select Guided configuration.
  5. Click Next.
  6. Select an integration type and follow the steps for the corresponding integration type.

Create a CloudTrail+Configuration Integration

Answer the questions about how to configure the integration.

Basic Configuration

  1. Do you want to enable Configuration integration?
    A Configuration integration analyzes your AWS environment's configuration compliance.
  2. Do you want to enable CloudTrail integration?
    A CloudTrail integration analyzes CloudTrail activity.
  3. Select the AWS region of your AWS accounts.
  4. Select an API key.
    • Select an existing API key from the list.
    • If no API keys exist, click Create New Key, provide a name and description, and click Save. Then select the key to use in the integration.

Advanced Configuration

For optional advanced configuration, click Advanced configuration (optional) and click Configure for the options you want to configure. The following options are available.

Additional CloudTrail options

  • Consolidate CloudTrail logs - Select to configure a consolidated CloudTrail.
    Note: If you consolidate CloudTrails from multiple AWS accounts into one bucket, Lacework maps the account ID to the account alias for the root account only. Other account IDs are not mapped to account aliases.

  • Enable force destroy of the S3 bucket - Select to enable force destroy (required when the bucket is not empty).
  • Enable SQS encryption - Select to enable server-side encryption on SQS.
  • CloudTrail integration name - A unique name for the integration that displays in the Lacework Console.
  • SQS queue name - Name of the SQS queue.
  • SQS encryption key ARN - ARN of the KMS encryption key to use for SQS.

CloudTrail bucket options

  • Use an existing CloudTrail bucket instead - Enable to use an existing bucket.
  • Bucket name - Name of the newly created bucket.
  • Enable bucket encryption - Select to enable encryption on the created bucket.
  • Bucket SSE key ARN - ARN of the KMS encryption key to use for the bucket.

CloudTrail SNS topic options

  • Use an existing SNS topic instead - Enable to use an existing topic.
  • SNS topic name - Name of the newly created topic.
  • Disable SNS topic encryption - Select to disable encryption on the SNS topic. Default behavior uses encryption.
  • SNS topic encryption key ARN - ARN of the KMS encryption key to use for SNS.

Add additional AWS accounts to Lacework

Specify the AWS profile and region. Add AWS accounts as needed.

Configure Lacework integration with an existing IAM role

  • Name - IAM role name. Must match the role name in the IAM role ARN.
  • ARN - IAM role ARN.
  • External ID - Paste the external ID from the custom IAM role that Lacework uses to access your AWS account. If the external ID does not comply with the format requirements, click the Refresh icon to generate a new one. Then follow the steps to update the external ID in the AWS console before returning here to finish the integration.

Create an EKS Audit Log Integration

Answer the questions about how to configure the integration.

Basic Configuration

  1. AWS region
    Select your AWS region.
  2. Comma-separated list of EKS clusters
    Enter a comma-separated list of the EKS clusters you want to integrate.
  3. Select an API key.
    • Select an existing API key from the list.
    • If no API keys exist, click Create New Key, provide a name and description, and click Save. Then select the key to use in the integration.

Advanced Configuration

For optional advanced configuration, click Advanced configuration (optional) and click Configure for the options you want to configure. The following options are available.

Bucket settings

  • Enable S3 bucket versioning? - Select to enable S3 bucket versioning.
  • Should MFA object deletion be required for the new bucket? - Select to require MFA object deletion (requires bucket versioning).
  • Should force destroy be enabled for the new bucket? - Select to enable force destroy of the S3 bucket (required when bucket is not empty).
  • Enable encryption for the new bucket? - Select to enable encryption on the S3 bucket.
  • Specify the Bucket SSE algorithm - Encryption algorithm to use for S3 bucket server-side encryption.
  • Specify the existing SSE KMS key ARN - Existing KMS encryption key ARN for bucket. Required when the bucket SSE algorithm is KMS and using an existing KMS key.
  • Specify the bucket lifecycle expiration (days) - Lifetime in number of days of the bucket objects (default is 180).

Existing cross-account IAM role

  • Specify an existing cross-account IAM role ARN - IAM role ARN to use for cross-account access.
  • Cross-account IAM role external ID - Paste the external ID from the custom IAM role that Lacework uses to access your AWS account. If the external ID does not comply with the format requirements, click the Refresh icon to generate a new one. Then follow the steps to update the external ID in the AWS console before returning here to finish the integration.

Firehose settings

  • Specify an existing Firehose IAM role ARN - IAM role to use for the Kinesis Firehose.
  • Enable encryption on Firehose? - Select to enable encryption on Firehose.
  • Specify existing KMS encryption key ARN for Firehose - ARN of an existing KMS encryption key to use for the Kinesis Firehose.

CloudWatch settings

  • Specify an existing CloudWatch IAM role ARN - IAM role ARN to use for the CloudWatch filter.

SNS settings

  • Enable encryption on SNS topic? - Select to enable encryption on the topic.
  • Specify existing KMS encryption key ARN for SNS topic - ARN of an existing KMS encryption key to use for the SNS topic.

Integration settings

  • Specify an integration name - A unique name for the integration that displays in the Lacework Console.

Generate CLI Bundle

After providing basic configuration information and any desired advanced configuration information, generate the CLI bundle.

  1. Click Generate CLI bundle. This generates a CLI bundle specifically for you based on the information entered. You will copy and paste this into the AWS CloudShell to create the integration.
  2. Ensure your environment meets all prerequisites.
  3. Click Copy download bundle command to clipboard.
  4. As an account with administrator access, go to the AWS CloudShell.
  5. Paste the command and press Enter.
    This downloads the Lacework CLI, sets up the CLI with your configuration, calls the CLI non-interactively, and applies Terraform. When the command finishes, the new integration appears in the Cloud accounts list after you refresh the Lacework Console screen.
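Before pasting the bundle command on a Terraform-supported host (step 2 above and the Requirements section), it is worth confirming that the required tools are on PATH and that the AWS CLI credentials Terraform will inherit actually belong to the account you intend to integrate, since the bundle applies Terraform with administrative privileges. The following pre-flight script is an added example, not part of the Lacework documentation or of the generated bundle; it assumes the AWS CLI is installed and configured, and that the expected 12-digit account ID is supplied in the EXPECTED_ACCOUNT environment variable (a hypothetical name chosen here).

```shell
#!/bin/sh
# Pre-flight check for running the generated Lacework bundle from any
# Terraform-supported host. Added example; not the documentation's own script.
# Assumes: AWS CLI installed and configured; EXPECTED_ACCOUNT holds the
# 12-digit AWS account ID that the integration is meant to target.

# Print the names of required tools that are not on PATH, one per line.
# Prints nothing when every tool is present.
missing_tools() {
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
  done
}

# Return 0 when the credentials the AWS CLI will hand to Terraform resolve
# to the expected account ID; return 1 on mismatch or if the identity
# cannot be resolved (AWS CLI missing or not configured).
check_account() {
  expected="$1"
  actual=$(aws sts get-caller-identity --query Account --output text 2>/dev/null) || return 1
  [ "$actual" = "$expected" ]
}

# Run both checks; return 0 only if the host is ready for the bundle.
preflight() {
  expected="$1"
  rc=0
  missing=$(missing_tools curl git unzip aws)
  if [ -n "$missing" ]; then
    printf 'Missing tools: %s\n' "$(printf '%s' "$missing" | tr '\n' ' ')"
    rc=1
  fi
  if check_account "$expected"; then
    echo "AWS credentials resolve to account $expected"
  else
    echo "AWS credentials do not resolve to account $expected (or AWS CLI is not configured)"
    rc=1
  fi
  return $rc
}

# Usage: EXPECTED_ACCOUNT=<12-digit account id> sh preflight.sh
if [ -n "${EXPECTED_ACCOUNT:-}" ]; then
  preflight "$EXPECTED_ACCOUNT"
fi
```

A non-zero exit means the bundle should not be run yet; the messages say which tool is missing or that the credentials point at a different account.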