> ## Documentation Index
> Fetch the complete documentation index at: https://docs.leen.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Lacework CSPM Instructions

> Instructions on how to onboard a Lacework CSPM Integration

## Onboarding Lacework CSPM

Follow the steps below to onboard your environment to our Lacework CSPM app.

<Steps>
  <Step title="Add a Service User - Step 1 - Basic Information">
    Go to the Lacework Console and navigate to `Users` page. (Settings -> Access Control -> Users)

    Click on the `Add User` button. You will see the following screen.

    Change the `User Type` to `Service User`, provide a name(eg. leen-service-user) and click on the `Next` button.

    <img src="https://mintcdn.com/leen/vQ2Rhs44KY1LGMJC/images/lacework/add_user_step_1.png?fit=max&auto=format&n=vQ2Rhs44KY1LGMJC&q=85&s=72d3c0e5da88847edba29304a72944c1" alt="Add User Step 1" width="3498" height="2072" data-path="images/lacework/add_user_step_1.png" />
  </Step>

  <Step title="Add a Service User - Step 2 - Select user group">
    Add one user group called `Account admin` and click on the `Save` button.

    <img src="https://mintcdn.com/leen/vQ2Rhs44KY1LGMJC/images/lacework/add_user_step_2.png?fit=max&auto=format&n=vQ2Rhs44KY1LGMJC&q=85&s=a0163b5c3e91dfd9c6f4e2061e0daaaa" alt="Add User Step 2" width="3498" height="2070" data-path="images/lacework/add_user_step_2.png" />

    <Info>
      The "Account admin" permission is required to fetch compliances and retrieve all Lacework connected cloud accounts. We use the GET /api/v2/CloudAccounts endpoint, which only works with account admin permissions. For more information, see the [Lacework documentation](https://docs.lacework.net/administrator-guide/access-control-overview?tab=admin) on access control, which shows that only admin has "Cloud accounts" read access.
    </Info>
  </Step>

  <Step title="Enable Service User">
    From the list of users on the Users page(Setting -> Access Control -> Users) under `Account level` locate the user you just created and click on the `Enable` button.

    <img src="https://mintcdn.com/leen/vQ2Rhs44KY1LGMJC/images/lacework/enable_user.png?fit=max&auto=format&n=vQ2Rhs44KY1LGMJC&q=85&s=692d4c62c92a039bbfc9087b9876b015" alt="Enable User" width="2544" height="588" data-path="images/lacework/enable_user.png" />
  </Step>

  <Step title="Download API Key">
    Navigate to `Service user API Keys` tab. (Settings -> Configuration -> API Keys -> Service user API Keys)

    Locate the service user you just created and from the tripple dot menu click on the `Download` button to download the API key file.

    This API json file will have following structure:

    ```json theme={null}
    {
      "keyId": "ABC...123",
      "secret": "_ab12...34cd",
      "account": "your-company.lacework.net"
      // "subAccount": "optional: subaccount123"
    }
    ```

    <img src="https://mintcdn.com/leen/vQ2Rhs44KY1LGMJC/images/lacework/download_api_key.png?fit=max&auto=format&n=vQ2Rhs44KY1LGMJC&q=85&s=d66e59914c6e4f06ae9bdbc316e9599c" alt="Download API Key" width="2544" height="808" data-path="images/lacework/download_api_key.png" />
  </Step>

  <Step title="Enter credentials">
    Enter these keys into the Lacework CSPM connector in their respective fields. Eg, key\_id, secret, account and optionally sub\_account
    <Warning> Please note the casing, e.g., camelCase in the API key file versus snake\_case in the connector fields. </Warning>
  </Step>
</Steps>