Skip to content

Commit

Permalink
CSPM onboarding updates (#3990)
Browse files Browse the repository at this point in the history
* addresses tech feedback for 8.10

* bug fix

* minor edits

* Update docs/cloud-native-security/cspm-get-started-aws.asciidoc

Co-authored-by: Joe Peeples <[email protected]>

* Update docs/cloud-native-security/cspm-get-started-gcp.asciidoc

Co-authored-by: Joe Peeples <[email protected]>

* Update docs/cloud-native-security/cspm-get-started-gcp.asciidoc

Co-authored-by: Joe Peeples <[email protected]>

* adds missing section to side-nav

---------

Co-authored-by: Joe Peeples <[email protected]>
(cherry picked from commit ecb1e63)
  • Loading branch information
benironside authored and mergify[bot] committed Sep 28, 2023
1 parent 7b6382d commit a6d206c
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 7 deletions.
6 changes: 4 additions & 2 deletions docs/cloud-native-security/cspm-get-started-aws.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ When you return to {kib}, click *View assets* to review the data being collected

[discrete]
[[cspm-setup-organization-manual]]
=== Manual authentication for organization-level onboarding
== Manual authentication for organization-level onboarding

NOTE: If you're onboarding a single account instead of an organization, skip this section.

Expand Down Expand Up @@ -156,7 +156,9 @@ IMPORTANT: You must replace `<Management account ID>` in the trust policy with y

IMPORTANT: You must replace `<Management account ID>` in the trust policy with your AWS account ID.

After creating the necessary roles, authenticate using the <<cspm-use-instance-role, default instance role>> method.
After creating the necessary roles, authenticate using one of the manual authentication methods.

IMPORTANT: When deploying to an organization using any of the authentication methods below, you need to make sure that the credentials you provide grant permission to assume `cloudbeat-root` privileges.

[discrete]
[[cspm-set-up-manual]]
Expand Down
29 changes: 24 additions & 5 deletions docs/cloud-native-security/cspm-get-started-gcp.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -63,13 +63,32 @@ https://cloud.google.com/iam/docs/understanding-roles#resourcemanager.projectIam

[discrete]
[[cspm-set-up-manual-gcp]]
=== Manual setup
=== Manual authentication

. Under **Setup Access** select **Manual**.
To authenticate manually, you'll first need to generate credentials for a new GCP service account with the necessary roles, then provide those credentials to the CSPM integration.

Generate GCP credentials:

. Access the GCP console and select your project.
. Navigate to **IAM & Admin -> Service accounts**.
. Click **Create Service Account**.
. Provide an account name.
. Enable the required roles:
.. `Cloud Asset Viewer`: Grants read access to cloud asset metadata.
.. `Browser`: Grants read access to the project hierarchy.
. Click **Continue**, then click **Done**.
. Select the new service account from the list.
. Go to the **KEYS** tab, then click **ADD KEY**.
. Select **JSON** as the key type, then click **CREATE**.

The credentials JSON will download to your local machine. Keep it secure since it provides access to your GCP resources.

Provide credentials to the CSPM integration:

. On the CSPM setup screen under **Setup Access**, select **Manual**.
. Enter your GCP **Project ID**.
. Select either **Credentials File** or **Credentials JSON**.
. Enter the credentials information in your selected format.
. Under **Where to add this integration**,
. Select either **Credentials File** or **Credentials JSON**, and enter the credentials information in your selected format.
. Under **Where to add this integration**:
.. If you want to monitor a GCP project where you have not yet deployed {agent}:
... Select **New Hosts**.
... Name the {agent} policy. Use a name that matches the purpose or team of the cloud account or accounts you want to monitor. For example, `dev-gcp-account`.
Expand Down

0 comments on commit a6d206c

Please sign in to comment.