Manage Cloud Integrations with Terraform
This topic provides an overview of using Terraform to integrate cloud providers with Lacework.
For organizations that have adopted HashiCorp Terraform for automation, Lacework maintains the following open source projects on the Terraform Registry for automating the Lacework platform. The Terraform provider offers a growing collection of custom resources to manage the configuration of the Lacework platform. If you are new to the Terraform provider for Lacework, read the Terraform for Lacework Overview.
About Integrating Cloud Providers with Lacework
Integrating your cloud provider with your Lacework account provides compliance monitoring and reporting, as well as security monitoring that uses the cloud provider logs. Compliance monitoring identifies violations of configuration best practices that exist in your environment and notifies you. This helps you understand configurations and audit controls so that you deploy cloud resources that adhere to best practices. Additionally, Lacework ingests AWS CloudTrail, Azure activity logs, and GCP audit logs to provide detailed alerts for anomalous behavior.
Lacework supports multiple integration methods that use Terraform.
Guided configuration is a wizard-like interface that takes your input and generates a script that downloads and sets up all necessary Lacework CLI and Terraform components to create the cloud integration non-interactively. You can run the generated bundle from your cloud provider's Cloud Shell or any host supported by Terraform. Guided configuration supports most common integration scenarios.
For detailed information about using guided configuration, see the following topics:
- AWS Integration - Guided Configuration
- Azure Integration - Guided Configuration
- GCP Integration - Guided Configuration
The Lacework CLI provides commands that let you easily integrate your cloud provider with Lacework.
For detailed information about using the Lacework CLI, see the following topics:
- lacework generate cloud-account aws
- lacework generate cloud-account azure
- lacework generate cloud-account gcp
You can choose to create the main.tf file manually and then run Terraform from any host supported by Terraform, or you can run Terraform from your cloud provider's Cloud Shell. The manual Terraform method may be required for complex integration scenarios.
For detailed information about creating and running the main.tf file manually, see the following topics:
- AWS Integration - Terraform from AWS CloudShell
- AWS Integration - Terraform from Any Supported Host
- Azure Integration - Terraform from Azure Cloud Shell
- Azure Integration - Terraform from Any Supported Host
- GCP Integration - Terraform from Google Cloud Shell
- GCP Integration - Terraform from Any Supported Host