GCP: Enable VPC Flow Logs
To enable GCP VPC flow logs and route them to Multicloud Defense, follow these steps.
Procedure
Step 1. In the Security Cloud Control platform menu, choose .
Step 2. In the GCP console, navigate to VPC network.
Step 3. Select the subnet on which you want to enable VPC flow logs.
Step 4. Ensure that Flow logs is turned On. If it is Off, click Edit and turn flow logs on.
Step 5. Repeat this for every subnet on which you want flow logs. Flow logs are a per-subnet setting, so traffic on a subnet you skip is never logged.
Step 6. Navigate to the Cloud Storage section and create a storage bucket. You can leave all settings at their defaults when creating the bucket.
Step 7. Navigate to the Logs Router section.
Step 8. Click Create Sink.
Step 9. Enter a name for the sink.
Step 10. Select Cloud Storage bucket as the sink service.
Step 11. Select the Cloud Storage bucket that you created above.
Step 12. In the Choose logs to include in sink section, enter this string:
If you are sharing a Cloud Storage bucket, you only need to perform the remaining steps of this procedure once.
Step 13. Click Create Sink. The sink writes to the bucket as its own service identity; when the console shows that identity, grant it write access (Storage Object Creator) to the bucket, otherwise nothing lands in the bucket.
Step 14. Navigate to .
Step 15. Create one custom role with this permission:
Step 16. Create a second custom role with this permission:
Step 17. Add both custom roles to the service account created for the Multicloud Defense Controller. When adding the second custom role, enter the following condition:
Step 18. Navigate to Pub/Sub.
Step 19. Click Create Topic.
Step 20. Provide a topic name and click Create.
Step 21. Click Subscriptions. A default subscription is created for the topic you created in step 20.
Step 22. Edit the subscription.
Step 23. Change the Delivery type to Push.
Step 24. Enter this as the endpoint URL:
Multicloud Defense automatically assigns the tenant name. To see the tenant name, navigate to the Multicloud Defense Controller and click your username.
Step 25. Click Update.
Step 26. Open a Google Cloud Shell and execute the following command:
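The same procedure (steps 2 through 25) driven with gcloud instead of the console, as an added example that is not part of the Multicloud Defense documentation. Project, region, bucket, sink, topic and custom-role names are assumptions. The log filter, the two custom-role permission lists, the IAM condition and the push endpoint are the values this page does not reproduce; the functions take them as arguments so you can pass the strings your Multicloud Defense documentation gives you. The final Cloud Shell command of step 26 is likewise not on the page and is not guessed here.

```shell
#!/usr/bin/env bash
# Added example, not Multicloud Defense code: the console procedure above,
# scripted with gcloud. Every name is an assumption; the filter, permission
# lists, condition and endpoint are supplied by the caller because the page
# does not reproduce them.
set -eu

# run: execute a command, or only print it when DRY_RUN is set, so the exact
# calls can be reviewed (and tested) without touching a project.
run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Steps 2-5: flow logs are a per-subnet setting, so pass every subnet whose
# traffic the controller should see.
enable_vpc_flow_logs() {
  local project=$1 region=$2 subnet
  shift 2
  for subnet in "$@"; do
    run gcloud compute networks subnets update "$subnet" \
      --project="$project" --region="$region" --enable-flow-logs
  done
}

# Steps 6-13: bucket plus a Logs Router sink that routes the filtered entries
# into it. The sink writes as its own service identity; the console prompts
# you to grant it, gcloud does not, so the grant is made here explicitly
# (without it nothing ever lands in the bucket).
create_flow_log_sink() {
  local project=$1 bucket=$2 location=$3 sink=$4 filter=$5 writer
  run gcloud storage buckets create "gs://$bucket" \
    --project="$project" --location="$location"
  run gcloud logging sinks create "$sink" "storage.googleapis.com/$bucket" \
    --project="$project" --log-filter="$filter"
  if [ -n "${DRY_RUN:-}" ]; then
    writer='serviceAccount:<writerIdentity reported by gcloud logging sinks describe>'
  else
    writer=$(gcloud logging sinks describe "$sink" --project="$project" \
      --format='value(writerIdentity)')
  fi
  run gcloud storage buckets add-iam-policy-binding "gs://$bucket" \
    --member="$writer" --role=roles/storage.objectCreator
}

# Steps 14-17: two custom roles bound to the controller's service account,
# the second one under the condition the procedure specifies. A condition
# whose expression contains commas must be passed with --condition-from-file.
grant_controller_roles() {
  local project=$1 sa=$2 perms1=$3 perms2=$4 cond_title=$5 cond_expr=$6
  run gcloud iam roles create mcdFlowLogRole1 --project="$project" --permissions="$perms1"
  run gcloud iam roles create mcdFlowLogRole2 --project="$project" --permissions="$perms2"
  run gcloud projects add-iam-policy-binding "$project" \
    --member="serviceAccount:$sa" --role="projects/$project/roles/mcdFlowLogRole1"
  run gcloud projects add-iam-policy-binding "$project" \
    --member="serviceAccount:$sa" --role="projects/$project/roles/mcdFlowLogRole2" \
    --condition="title=$cond_title,expression=$cond_expr"
}

# Steps 18-25: topic and push subscription. The console creates a default
# pull subscription with the topic and you then switch it to push; gcloud
# creates nothing by default, so the subscription is created directly as a
# push subscription to the controller's endpoint.
create_push_subscription() {
  local project=$1 topic=$2 sub=$3 endpoint=$4
  run gcloud pubsub topics create "$topic" --project="$project"
  run gcloud pubsub subscriptions create "$sub" --project="$project" \
    --topic="$topic" --push-endpoint="$endpoint"
}
```

Source the file, set DRY_RUN=1 and call the four functions with your own values to see every gcloud invocation before running it for real; unset DRY_RUN to apply them. For the filter argument, the standard query for VPC flow log entries is `resource.type="gce_subnetwork" AND log_id("compute.googleapis.com/vpc_flows")`; that this is the string the page intends is our assumption, so prefer the exact string from your Multicloud Defense documentation if it differs.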