
Privacera Documentation


Accessing PostgreSQL Audits in GCP

Prerequisites

Ensure the following prerequisites are met:

Configuration
  1. In GCP:

    1. Run the following command in Cloud Shell, or in any shell with the gcloud CLI, replacing INSTANCE_NAME and GCP_PROJECT_ID. Note that --database-flags replaces the instance's entire flag set, so include any flags the instance already has (check them with gcloud sql instances describe INSTANCE_NAME); changing flags may restart the instance. pgaudit.log=all records every statement class, which is what PolicySync expects but is also the most verbose setting.

      gcloud sql instances patch {INSTANCE_NAME} --database-flags=cloudsql.enable_pgaudit=on,pgaudit.log=all --project={GCP_PROJECT_ID}
      
    2. Connect to the instance with psql (or another compatible PostgreSQL client) and create the pgAudit extension:

      CREATE EXTENSION pgaudit;
    3. Create a service account and a private key JSON file, which PolicySync will use to pull the access audits. See Setting up authentication and set the following fields:

      • Service account name: Enter any user-defined name. For example, policysync-postgres-gcp-audit-service-account.

      • Select a role: Select the Private Logs Viewer role (roles/logging.privateLogViewer). Cloud SQL writes pgAudit records to the data_access audit log, and this role is required to read it.

      • Create new key: Create a service account key (JSON) and download the file into the custom-vars folder of Privacera Manager.

  2. In Privacera Manager:

    Add the following properties to the vars.policysync.postgres.yml file. Set POSTGRES_GCP_AUDIT_SOURCE_INSTANCE_ID to the identifier of the Cloud SQL instance whose audits are pulled, and POSTGRES_OAUTH_PRIVATE_KEY_FILE_NAME to the file name of the service account key JSON placed in custom-vars:

    POSTGRES_AUDIT_SOURCE: "gcp_pgaudit"
    POSTGRES_GCP_AUDIT_SOURCE_INSTANCE_ID: ""
    POSTGRES_OAUTH_PRIVATE_KEY_FILE_NAME: ""
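
The following helpers are an added example for the procedure above; they are not Privacera's or Google's own code. They cover the points a practitioner checks when wiring up this audit source: building a --database-flags value that carries over the instance's existing flags (because patch replaces the whole set), verifying the two pgAudit flags on the output of gcloud sql instances describe --format=json, building the Cloud Logging filter that selects pgAudit entries for one instance, and parsing the pgAudit audit record, which is CSV with a quoted statement field. The log line layout in SAMPLE_LINES and the describe output in SAMPLE_FLAGS are constructed for illustration, and the protoPayload @type value in the filter is taken from Google's pgAudit documentation and assumed unchanged.

```python
"""Helpers for the Cloud SQL pgAudit setup: merge and verify database flags,
build the Cloud Logging filter, and parse pgAudit records (added example)."""
import csv
import io
from collections import Counter

# pgAudit writes one CSV record per statement with these nine fields.
PGAUDIT_FIELDS = ("audit_type", "statement_id", "substatement_id", "class",
                  "command", "object_type", "object_name", "statement", "parameter")

# The two flags the procedure above sets on the instance.
REQUIRED_FLAGS = {"cloudsql.enable_pgaudit": "on", "pgaudit.log": "all"}


def merge_database_flags(existing, required=REQUIRED_FLAGS):
    """Return the value for `gcloud sql instances patch --database-flags=...`.

    `existing` is settings.databaseFlags from `gcloud sql instances describe
    INSTANCE --format=json` (a list of {"name", "value"}).  The patch command
    replaces the whole flag set, so flags already present are carried over."""
    merged = {f["name"]: f["value"] for f in existing}
    merged.update(required)
    return ",".join(f"{k}={v}" for k, v in sorted(merged.items()))


def pgaudit_enabled(existing, required=REQUIRED_FLAGS):
    """True when every required flag is present with the expected value."""
    current = {f["name"]: f["value"] for f in existing}
    return all(current.get(k) == v for k, v in required.items())


def pgaudit_log_filter(project_id, instance_name):
    """Cloud Logging filter for the pgAudit entries of one instance.

    Cloud SQL emits them as data_access audit logs; database_id is
    "PROJECT:INSTANCE".  The @type value follows Google's pgAudit docs
    (assumption: unchanged)."""
    return (
        f'resource.type="cloudsql_database" '
        f'resource.labels.database_id="{project_id}:{instance_name}" '
        f'logName="projects/{project_id}/logs/cloudaudit.googleapis.com%2Fdata_access" '
        f'protoPayload.request.@type="type.googleapis.com/google.cloud.sql.audit.v1.PgAuditEntry"'
    )


def parse_pgaudit_line(line):
    """Parse the `AUDIT: SESSION,1,1,READ,SELECT,,,"...",<not logged>` record.

    The statement field is CSV-quoted and may contain commas and doubled
    double quotes, so the record is split with the csv module, not str.split.
    Returns None for lines that carry no pgAudit record."""
    marker = "AUDIT: "
    idx = line.find(marker)
    if idx < 0:
        return None
    record = next(csv.reader(io.StringIO(line[idx + len(marker):])))
    if len(record) < len(PGAUDIT_FIELDS):
        return None
    entry = dict(zip(PGAUDIT_FIELDS, record[:len(PGAUDIT_FIELDS)]))
    entry["statement_id"] = int(entry["statement_id"])
    entry["substatement_id"] = int(entry["substatement_id"])
    return entry


def summarize(lines):
    """Count pgAudit records by class (READ, WRITE, DDL, ROLE, ...)."""
    return Counter(e["class"] for e in map(parse_pgaudit_line, lines) if e)


# Constructed sample lines in the shape of Cloud SQL postgres.log output
# (illustrative layout, not captured from a real instance).
SAMPLE_LINES = [
    '2024-05-01 10:00:01.123 UTC [4242]: [1-1] db=sales,user=app LOG:  AUDIT: SESSION,1,1,READ,SELECT,,,"SELECT ""id"", email FROM customers WHERE id = 7",<not logged>',
    '2024-05-01 10:00:02.456 UTC [4242]: [2-1] db=sales,user=app LOG:  AUDIT: SESSION,2,1,WRITE,UPDATE,,,"UPDATE customers SET email = NULL WHERE id = 7",<not logged>',
    '2024-05-01 10:00:03.789 UTC [4243]: [1-1] db=sales,user=admin LOG:  AUDIT: SESSION,1,1,DDL,CREATE TABLE,TABLE,public.audit_test,"CREATE TABLE audit_test (a int)",<not logged>',
    '2024-05-01 10:00:04.000 UTC [4243]: [2-1] db=sales,user=admin LOG:  checkpoint starting: time',
]

# Constructed describe output: an instance that already has one flag set,
# which a naive patch with only the pgAudit flags would drop.
SAMPLE_FLAGS = [{"name": "log_min_duration_statement", "value": "500"}]

if __name__ == "__main__":
    print("pgAudit enabled before patch:", pgaudit_enabled(SAMPLE_FLAGS))
    print("--database-flags=" + merge_database_flags(SAMPLE_FLAGS))
    print(pgaudit_log_filter("my-project", "pg-prod"))
    for line in SAMPLE_LINES:
        print(parse_pgaudit_line(line))
    print(dict(summarize(SAMPLE_LINES)))
```

Run the script on the output of gcloud sql instances describe before patching to confirm which flags must be carried over, and use the filter with gcloud logging read (authenticated as the Private Logs Viewer service account) to confirm that pgAudit entries are arriving before pointing PolicySync at the instance.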