subscribers
Creates, updates, deletes or gets a subscriber resource or lists subscribers in a region.
Overview
Name | subscribers |
Type | Resource |
Description | Resource Type definition for AWS::SecurityLake::Subscriber |
Id | aws.securitylake.subscribers |
Fields
Name | Datatype | Description |
---|---|---|
access_types | array | The Amazon S3 or AWS Lake Formation access type. |
data_lake_arn | string | The ARN for the data lake. |
subscriber_identity | object | The AWS identity used to access your data. |
subscriber_name | string | The name of your Security Lake subscriber account. |
subscriber_description | string | The description for your subscriber account in Security Lake. |
tags | array | An array of objects, one for each tag to associate with the subscriber. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string. |
sources | array | The supported AWS services from which logs and events are collected. |
resource_share_arn | string | |
resource_share_name | string | |
subscriber_role_arn | string | |
s3_bucket_arn | string | |
subscriber_arn | string | |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | AccessTypes, DataLakeArn, Sources, SubscriberIdentity, SubscriberName, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all subscribers in a region.
SELECT
region,
access_types,
data_lake_arn,
subscriber_identity,
subscriber_name,
subscriber_description,
tags,
sources,
resource_share_arn,
resource_share_name,
subscriber_role_arn,
s3_bucket_arn,
subscriber_arn
FROM aws.securitylake.subscribers
WHERE region = 'us-east-1';
Gets all properties from an individual subscriber.
SELECT
region,
access_types,
data_lake_arn,
subscriber_identity,
subscriber_name,
subscriber_description,
tags,
sources,
resource_share_arn,
resource_share_name,
subscriber_role_arn,
s3_bucket_arn,
subscriber_arn
FROM aws.securitylake.subscribers
WHERE region = 'us-east-1' AND data__Identifier = '<SubscriberArn>';
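As an added example (not part of the generated reference page), the following query reviews which identities hold subscriber access to the data lake in a region, surfacing any principal that is not the lake-owning account. It assumes StackQL's default SQLite backend (which provides json_extract over the JSON-encoded subscriber_identity object); '<YourAccountId>' is a placeholder.

```sql
-- Added example, not from the page: list subscribers whose identity
-- principal differs from the lake-owning account, with what they can read.
-- Assumes the default SQLite backend so json_extract is available.
SELECT
  subscriber_name,
  json_extract(subscriber_identity, '$.Principal')  AS principal,
  json_extract(subscriber_identity, '$.ExternalId') AS external_id,
  access_types,
  sources,
  subscriber_role_arn,
  s3_bucket_arn
FROM aws.securitylake.subscribers
WHERE region = 'us-east-1'
  AND json_extract(subscriber_identity, '$.Principal') <> '<YourAccountId>';
```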
INSERT example
Use the following StackQL query and manifest file to create a new subscriber resource, using stack-deploy.
Required Properties
/*+ create */
INSERT INTO aws.securitylake.subscribers (
AccessTypes,
DataLakeArn,
SubscriberIdentity,
SubscriberName,
Sources,
region
)
SELECT
'{{ AccessTypes }}',
'{{ DataLakeArn }}',
'{{ SubscriberIdentity }}',
'{{ SubscriberName }}',
'{{ Sources }}',
'{{ region }}';
All Properties
/*+ create */
INSERT INTO aws.securitylake.subscribers (
AccessTypes,
DataLakeArn,
SubscriberIdentity,
SubscriberName,
SubscriberDescription,
Tags,
Sources,
region
)
SELECT
'{{ AccessTypes }}',
'{{ DataLakeArn }}',
'{{ SubscriberIdentity }}',
'{{ SubscriberName }}',
'{{ SubscriberDescription }}',
'{{ Tags }}',
'{{ Sources }}',
'{{ region }}';
Manifest
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: subscriber
    props:
      - name: AccessTypes
        value:
          - '{{ AccessTypes[0] }}'
      - name: DataLakeArn
        value: '{{ DataLakeArn }}'
      - name: SubscriberIdentity
        value:
          ExternalId: '{{ ExternalId }}'
          Principal: '{{ Principal }}'
      - name: SubscriberName
        value: '{{ SubscriberName }}'
      - name: SubscriberDescription
        value: '{{ SubscriberDescription }}'
      - name: Tags
        value:
          - Key: '{{ Key }}'
            Value: '{{ Value }}'
      - name: Sources
        value:
          - null
DELETE example
/*+ delete */
DELETE FROM aws.securitylake.subscribers
WHERE data__Identifier = '<SubscriberArn>'
AND region = 'us-east-1';
Permissions
To operate on the subscribers resource, the following permissions are required:
Create
securitylake:CreateSubscriber,
securitylake:CreateCustomLogSource,
securitylake:CreateDataLake,
securitylake:TagResource,
securitylake:GetSubscriber,
securitylake:ListTagsForResource,
iam:GetRole,
iam:GetRolePolicy,
iam:PutRolePolicy,
iam:CreateRole,
iam:CreateServiceLinkedRole,
glue:GetDatabase,
glue:GetTable,
lakeformation:RegisterResource,
lakeformation:GrantPermissions,
lakeformation:RevokePermissions,
lakeformation:ListPermissions,
ram:GetResourceShareAssociations,
ram:CreateResourceShare,
ram:UpdateResourceShare,
ram:GetResourceShares
Read
securitylake:GetSubscriber,
securitylake:ListTagsForResource
Update
securitylake:UpdateSubscriber,
securitylake:GetSubscriber,
securitylake:TagResource,
securitylake:UntagResource,
securitylake:ListTagsForResource,
glue:GetDatabase,
glue:GetTable,
lakeformation:ListPermissions,
lakeformation:GrantPermissions,
lakeformation:RevokePermissions,
ram:CreateResourceShare,
ram:GetResourceShares,
ram:GetResourceShareAssociations,
ram:UpdateResourceShare,
ram:DeleteResourceShare,
iam:CreateRole,
iam:GetRole,
iam:DeleteRole,
iam:PutRolePolicy,
iam:DeleteRolePolicy,
iam:ListRolePolicies,
events:CreateApiDestination,
events:CreateConnection,
events:ListApiDestinations,
events:ListConnections,
events:PutRule,
events:UpdateApiDestination,
events:UpdateConnection,
events:DeleteApiDestination,
events:DeleteConnection,
events:DeleteRule,
events:RemoveTargets,
events:ListTargetsByRule,
events:DescribeRule,
events:PutTargets
Delete
securitylake:DeleteSubscriber,
iam:GetRole,
iam:ListRolePolicies,
iam:DeleteRole,
iam:DeleteRolePolicy,
glue:GetTable,
lakeformation:RevokePermissions,
lakeformation:ListPermissions,
ram:GetResourceShares,
ram:DeleteResourceShare,
events:DeleteApiDestination,
events:DeleteConnection,
events:DeleteRule,
events:ListApiDestinations,
events:ListTargetsByRule,
events:DescribeRule,
events:RemoveTargets,
sqs:DeleteQueue,
sqs:GetQueueUrl
List
securitylake:ListSubscribers