
subscriber_notifications

Creates, updates, deletes or gets a subscriber_notification resource, or lists subscriber_notifications in a region.

Overview

Name: subscriber_notifications
Type: Resource
Description: Resource Type definition for AWS::SecurityLake::SubscriberNotification
Id: aws.securitylake.subscriber_notifications

Fields

| Name | Datatype | Description |
|---|---|---|
| notification_configuration | object | |
| subscriber_arn | string | The ARN for the subscriber |
| subscriber_endpoint | string | The endpoint the subscriber should listen to for notifications |
| region | string | AWS region. |

For more information, see AWS::SecurityLake::SubscriberNotification.

Methods

| Name | Accessible by | Required Params |
|---|---|---|
| create_resource | INSERT | SubscriberArn, NotificationConfiguration, region |
| delete_resource | DELETE | data__Identifier, region |
| update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
| list_resources | SELECT | region |
| get_resource | SELECT | data__Identifier, region |

SELECT examples

Gets all subscriber_notifications in a region.

SELECT
region,
notification_configuration,
subscriber_arn,
subscriber_endpoint
FROM aws.securitylake.subscriber_notifications
WHERE region = 'us-east-1';

Gets all properties from an individual subscriber_notification.

SELECT
region,
notification_configuration,
subscriber_arn,
subscriber_endpoint
FROM aws.securitylake.subscriber_notifications
WHERE region = 'us-east-1' AND data__Identifier = '<SubscriberArn>';

INSERT example

Use the following StackQL query and manifest file to create a new subscriber_notification resource, using stack-deploy.

/*+ create */
INSERT INTO aws.securitylake.subscriber_notifications (
NotificationConfiguration,
SubscriberArn,
region
)
SELECT
'{{ NotificationConfiguration }}',
'{{ SubscriberArn }}',
'{{ region }}';

DELETE example

/*+ delete */
DELETE FROM aws.securitylake.subscriber_notifications
WHERE data__Identifier = '<SubscriberArn>'
AND region = 'us-east-1';

Permissions

To operate on the subscriber_notifications resource, the following permissions are required:

Create

securitylake:CreateDataLake,
securitylake:CreateSubscriber,
securitylake:CreateSubscriberNotification,
securitylake:GetSubscriber,
iam:CreateServiceLinkedRole,
iam:PutRolePolicy,
iam:DeleteRolePolicy,
iam:PassRole,
s3:PutBucketNotification,
s3:GetBucketNotification,
events:CreateApiDestination,
events:CreateConnection,
events:CreateRule,
events:UpdateConnection,
events:DeleteConnection,
events:UpdateApiDestination,
events:DeleteApiDestination,
events:ListApiDestinations,
events:ListConnections,
events:PutRule,
events:DescribeRule,
events:DeleteRule,
events:PutTargets,
events:RemoveTargets,
events:ListTargetsByRule,
secretsmanager:CreateSecret,
sqs:CreateQueue,
sqs:GetQueueAttributes,
sqs:GetQueueUrl,
sqs:SetQueueAttributes

Read

securitylake:GetSubscriber

Update

securitylake:UpdateSubscriberNotification,
securitylake:GetSubscriber,
iam:CreateServiceLinkedRole,
iam:PutRolePolicy,
iam:DeleteRolePolicy,
iam:PassRole,
events:CreateApiDestination,
events:CreateConnection,
events:UpdateConnection,
events:DeleteConnection,
events:UpdateApiDestination,
events:DeleteApiDestination,
events:DeleteRule,
events:ListApiDestinations,
events:ListConnections,
events:PutRule,
events:DescribeRule,
events:DeleteRule,
events:PutTargets,
events:RemoveTargets,
events:ListTargetsByRule,
secretsmanager:CreateSecret,
s3:GetBucketNotificationConfiguration,
s3:PutBucketNotificationConfiguration,
s3:PutBucketNotification,
s3:GetBucketNotification,
sqs:CreateQueue,
sqs:DeleteQueue,
sqs:GetQueueAttributes,
sqs:SetQueueAttributes

Delete

securitylake:DeleteSubscriberNotification,
securitylake:GetSubscriber,
iam:DeleteRole,
iam:DeleteRolePolicy,
events:DeleteApiDestination,
events:DeleteConnection,
events:DeleteRule,
events:ListTargetsByRule,
events:DescribeRule,
events:RemoveTargets,
sqs:DeleteQueue

List

securitylake:ListSubscribers