Skip to main content
Glean sensitive findings rely on Google’s DLP API for data classification for info type scanning. If you’re only using regex and term detection, you can skip these instructions. Glean customers deployed on AWS must create or use an existing GCP account to run infotype scanning. You can use the Glean console to add a GCP DLP service account key JSON, which is then securely stored within your AWS deployment and is used to make API calls.

Prerequisites

  • You must be running Glean on AWS
  • You must create or have an existing GCP account and project
  • Your GCP project must link to a billing account

Configure your GCP Project and Connect the DLP Service to Glean

You must have an admin or super admin role in Glean to upload the service account key JSON.
  1. From your GCP project, enable the DLP API using the link:
    https://console.cloud.google.com/apis/api/dlp.googleapis.com/overview?project=[project_ID]
    Replace the [project_ID] with your GCP project ID.
  2. From the service accounts page, create a service account by selecting the project, then selecting create service account.
  3. From the IAM page, grant the DLP administrator IAM role access to the service account.
  4. From the service accounts page, generate a service account key JSON and download it to your computer.
  5. Upload the service account key JSON you downloaded in the step above to Glean’s Sensitive content reporting page.