This page describes how to configure Forseti after it’s set up. Forseti configurations are global and module-specific settings such as the following:
G Suite admin account, and email recipients. This section is currently not being used so there is no need to configure.
inventory: configurations that are used
only by Forseti Inventory, such as
api quota usage and inventory purge option.
scanner: configurations that are used
only by Forseti Scanner, such as
specifying which scanners to enable.
notifier: configurations that are used
only by Forseti Notifier, such as
specifying which notifications to enable.
Configurations are centrally maintained in the
forseti-security/configs/server/forseti_server_conf.yaml file that’s organized into
To set up your configuration, you’ll edit
and save it as
forseti_server_conf.yaml. For convenience, you can maintain different
versions of this file to support multiple configurations of Forseti.
If you are running Forseti on Google Cloud Platform (GCP), copy your edited forseti_server_conf.yaml to your Forseti Cloud Storage bucket. When Forseti runs again (via cronjob), it will execute a script that downloads the latest conf and rules files.
Use the following commands to copy your conf and rules files to Cloud Storage:
gsutil cp configs/forseti_conf.yaml gs://YOUR_FORSETI_GCS_BUCKET/configs/server/forseti_server_conf.yaml
Learn how to manually reload the server configuration.