data_lakes
Creates, updates, deletes or gets a data_lake resource or lists data_lakes in a region
Overview
| Name | data_lakes |
| Type | Resource |
| Description | Resource Type definition for AWS::SecurityLake::DataLake |
| Id | awscc.securitylake.data_lakes |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
encryption_configuration | object | Provides encryption details of Amazon Security Lake object. |
lifecycle_configuration | object | Provides lifecycle details of Amazon Security Lake object. |
replication_configuration | object | Provides replication details of Amazon Security Lake object. |
meta_store_manager_role_arn | string | The Amazon Resource Name (ARN) used to index AWS Glue table partitions that are generated by the ingestion and normalization of AWS log sources and custom sources. |
tags | array | |
arn | string | The Amazon Resource Name (ARN) created by you to provide to the subscriber. |
s3_bucket_arn | string | The ARN for the Amazon Security Lake Amazon S3 bucket. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
arn | string | The Amazon Resource Name (ARN) created by you to provide to the subscriber. |
region | string | AWS region. |
For more information, see AWS::SecurityLake::DataLake.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | data_lakes | INSERT | region |
delete_resource | data_lakes | DELETE | Identifier, region |
update_resource | data_lakes | UPDATE | Identifier, PatchDocument, region |
list_resources | data_lakes_list_only | SELECT | region |
get_resource | data_lakes | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual data_lake.
SELECT
region,
encryption_configuration,
lifecycle_configuration,
replication_configuration,
meta_store_manager_role_arn,
tags,
arn,
s3_bucket_arn
FROM awscc.securitylake.data_lakes
WHERE
region = 'us-east-1' AND
Identifier = '{{ arn }}';
Lists all data_lakes in a region.
SELECT
region,
arn
FROM awscc.securitylake.data_lakes_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new data_lake resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.securitylake.data_lakes (
EncryptionConfiguration,
LifecycleConfiguration,
ReplicationConfiguration,
MetaStoreManagerRoleArn,
Tags,
region
)
SELECT
'{{ encryption_configuration }}',
'{{ lifecycle_configuration }}',
'{{ replication_configuration }}',
'{{ meta_store_manager_role_arn }}',
'{{ tags }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.securitylake.data_lakes (
EncryptionConfiguration,
LifecycleConfiguration,
ReplicationConfiguration,
MetaStoreManagerRoleArn,
Tags,
region
)
SELECT
'{{ encryption_configuration }}',
'{{ lifecycle_configuration }}',
'{{ replication_configuration }}',
'{{ meta_store_manager_role_arn }}',
'{{ tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: data_lake
props:
- name: encryption_configuration
value:
kms_key_id: '{{ kms_key_id }}'
- name: lifecycle_configuration
value:
expiration:
days: '{{ days }}'
transitions:
- days: '{{ days }}'
storage_class: '{{ storage_class }}'
- name: replication_configuration
value:
regions:
- '{{ regions[0] }}'
role_arn: '{{ role_arn }}'
- name: meta_store_manager_role_arn
value: '{{ meta_store_manager_role_arn }}'
- name: tags
value:
- key: '{{ key }}'
value: '{{ value }}'
UPDATE example
Use the following StackQL query and manifest file to update a data_lake resource, using stack-deploy.
/*+ update */
UPDATE awscc.securitylake.data_lakes
SET PatchDocument = string('{{ {
"EncryptionConfiguration": encryption_configuration,
"LifecycleConfiguration": lifecycle_configuration,
"ReplicationConfiguration": replication_configuration,
"MetaStoreManagerRoleArn": meta_store_manager_role_arn,
"Tags": tags
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ arn }}';
DELETE example
/*+ delete */
DELETE FROM awscc.securitylake.data_lakes
WHERE
Identifier = '{{ arn }}' AND
region = 'us-east-1';
Permissions
To operate on the data_lakes resource, the following permissions are required:
- Create
- Update
- Delete
- Read
- List
events:*,
iam:CreateServiceLinkedRole,
iam:GetRole,
iam:ListAttachedRolePolicies,
iam:PutRolePolicy,
iam:PassRole,
glue:*,
organizations:*,
kms:DescribeKey,
kms:CreateGrant,
lakeformation:*,
lambda:*,
s3:*,
securitylake:CreateDataLake,
securitylake:TagResource,
securitylake:List*,
sqs:*
events:*,
iam:CreateServiceLinkedRole,
iam:DeleteRolePolicy,
iam:GetRole,
iam:PassRole,
iam:PutRolePolicy,
kms:DescribeKey,
kms:CreateGrant,
lakeformation:*,
lambda:*,
organizations:*,
s3:*,
securitylake:List*,
securitylake:TagResource,
securitylake:UntagResource,
securitylake:UpdateDataLake,
sqs:*
organizations:*,
securitylake:DeleteDataLake,
securitylake:List*
securitylake:List*
securitylake:List*