
subscribers

Creates, updates, deletes or gets a subscriber resource or lists subscribers in a region

Overview

Name: subscribers
Type: Resource
Description: Resource Type definition for AWS::SecurityLake::Subscriber
Id: awscc.securitylake.subscribers

Fields

| Name | Datatype | Description |
|---|---|---|
| access_types | array | The Amazon S3 or AWS Lake Formation access type. |
| data_lake_arn | string | The ARN for the data lake. |
| subscriber_identity | object | The AWS identity used to access your data. |
| subscriber_name | string | The name of your Security Lake subscriber account. |
| subscriber_description | string | The description for your subscriber account in Security Lake. |
| tags | array | An array of objects, one for each tag to associate with the subscriber. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string. |
| sources | array | The supported AWS services from which logs and events are collected. |
| resource_share_arn | string | |
| resource_share_name | string | |
| subscriber_role_arn | string | |
| s3_bucket_arn | string | |
| subscriber_arn | string | |
| region | string | AWS region. |

For more information, see AWS::SecurityLake::Subscriber.

Methods

| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
| create_resource | subscribers | INSERT | AccessTypes, DataLakeArn, Sources, SubscriberIdentity, SubscriberName, region |
| delete_resource | subscribers | DELETE | Identifier, region |
| update_resource | subscribers | UPDATE | Identifier, PatchDocument, region |
| list_resources | subscribers_list_only | SELECT | region |
| get_resource | subscribers | SELECT | Identifier, region |

SELECT examples

Gets all properties from an individual subscriber.

SELECT
region,
access_types,
data_lake_arn,
subscriber_identity,
subscriber_name,
subscriber_description,
tags,
sources,
resource_share_arn,
resource_share_name,
subscriber_role_arn,
s3_bucket_arn,
subscriber_arn
FROM awscc.securitylake.subscribers
WHERE
region = 'us-east-1' AND
Identifier = '{{ subscriber_arn }}';

INSERT example

Use the following StackQL query and manifest file to create a new subscriber resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.securitylake.subscribers (
AccessTypes,
DataLakeArn,
SubscriberIdentity,
SubscriberName,
Sources,
region
)
SELECT
'{{ access_types }}',
'{{ data_lake_arn }}',
'{{ subscriber_identity }}',
'{{ subscriber_name }}',
'{{ sources }}',
'{{ region }}';

UPDATE example

Use the following StackQL query and manifest file to update a subscriber resource, using stack-deploy.

/*+ update */
UPDATE awscc.securitylake.subscribers
SET PatchDocument = string('{{ {
"AccessTypes": access_types,
"SubscriberIdentity": subscriber_identity,
"SubscriberName": subscriber_name,
"SubscriberDescription": subscriber_description,
"Tags": tags,
"Sources": sources
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ subscriber_arn }}';

DELETE example

/*+ delete */
DELETE FROM awscc.securitylake.subscribers
WHERE
Identifier = '{{ subscriber_arn }}' AND
region = 'us-east-1';

Permissions

To operate on the subscribers resource, the following permissions are required:

securitylake:CreateSubscriber,
securitylake:CreateCustomLogSource,
securitylake:CreateDataLake,
securitylake:TagResource,
securitylake:GetSubscriber,
securitylake:ListSubscribers,
securitylake:ListTagsForResource,
iam:GetRole,
iam:GetRolePolicy,
iam:PutRolePolicy,
iam:CreateRole,
iam:CreateServiceLinkedRole,
glue:GetDatabase,
glue:GetTable,
lakeformation:RegisterResource,
lakeformation:GrantPermissions,
lakeformation:RevokePermissions,
lakeformation:ListPermissions,
ram:GetResourceShareAssociations,
ram:CreateResourceShare,
ram:UpdateResourceShare,
ram:GetResourceShares