
AWS Integration - Manual Configuration

Lacework integrates with AWS to analyze CloudTrail activity for cloud account security monitoring and to assess cloud resource configuration compliance. This document describes how to manually integrate AWS with Lacework.

  1. Log in to the Lacework Console.
  2. Go to Settings > Integrations > Cloud accounts.
  3. Click + Add New.
  4. Click Amazon Web Services and select one of the following options:
    • Configuration to assess AWS configuration compliance.
    • CloudTrail+Configuration to analyze CloudTrail activity for monitoring cloud account security and AWS configuration compliance.
  5. Click Next.
  6. Click Manual Configuration.
  7. Follow the steps below that correspond to the integration type.

AWS Configuration

Ensure you have completed the preparatory steps described in AWS Integration Prerequisites.

  1. For Name, enter a unique name that displays in the Lacework Console.
  2. For Account ID, enter your AWS account identifier or alias.
  3. For External ID, enter the AWS external ID that is associated with the cross-account role that Lacework uses to access your AWS resources.
  4. For Role ARN, enter the ARN of the cross-account role that Lacework uses to access your AWS resources.
  5. Click Save to finish the AWS integration and save your onboarding progress.
    The integration appears in the list of cloud accounts under Cloud accounts.

AWS CloudTrail and Configuration

Ensure you have completed the preparatory steps described in AWS Integration Prerequisites.

  1. For Name, enter a unique name that displays in the Lacework Console.
  2. For Account ID, enter your AWS account identifier or alias.
  3. For External ID, enter the AWS external ID that is associated with the cross-account role that Lacework uses to access your AWS resources.
  4. For Role ARN, enter the ARN of the cross-account role that Lacework uses to access your AWS resources.
  5. For SQSQueueURL, enter the Amazon Simple Queue Service (SQS) URL value.
  6. Click Save to finish the AWS integration and save your onboarding progress.
    The integration appears in the list of cloud accounts under Cloud accounts.
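
Both forms above take an External ID and a Role ARN for the cross-account role. The following added example (not Lacework's code) checks offline that a role's trust policy actually enforces the external ID you are about to enter. The function name, the principal ARN and the external ID are constructed placeholders, so substitute the values from your own role and from the prerequisites.

```python
import json

def _as_list(value):
    """IAM accepts a single string wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy_json, external_id, trusted_principal):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings, matched = [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS") if isinstance(principal, dict) else None
        principals = ["*"] if principal == "*" else _as_list(aws)
        if "*" in principals:
            findings.append("any AWS principal may assume the role")
        if trusted_principal not in principals:
            continue
        matched = True
        # Condition key names are not case-sensitive in IAM, so normalise them.
        keys = stmt.get("Condition", {}).get("StringEquals", {})
        ids = {k.lower(): _as_list(v) for k, v in keys.items()}.get("sts:externalid", [])
        if not ids:
            findings.append("no sts:ExternalId condition (confused-deputy risk)")
        elif external_id not in ids:
            findings.append("external ID differs from the value for the form")
    if not matched:
        findings.append("trusted principal not present in the policy")
    return findings

# Constructed samples: placeholder account 111122223333 and placeholder external ID.
PRINCIPAL = "arn:aws:iam::111122223333:root"
GOOD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": PRINCIPAL},
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]})
WEAK = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": PRINCIPAL}}]})

if __name__ == "__main__":
    print(check_trust_policy(GOOD, "example-external-id", PRINCIPAL))
    print(check_trust_policy(WEAK, "example-external-id", PRINCIPAL))
```

Feed it the role's trust policy document as JSON text; any finding means the role should be corrected before you click Save.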