README
¶
AWS::SecurityLake Construct Library
---
All classes with the
Cfnprefix in this module (CFN Resources) are always stable and safe to use.
This module is part of the AWS Cloud Development Kit project.
import securitylake "github.com/aws/aws-cdk-go/awscdk"
There are no official hand-written (L2) constructs for this service yet. Here are some suggestions on how to proceed:
- Search Construct Hub for SecurityLake construct libraries
- Use the automatically generated L1 constructs, in the same way you would use the CloudFormation AWS::SecurityLake resources directly.
There are no hand-written (L2) constructs for this service yet. However, you can still use the automatically generated L1 constructs, and use this service exactly as you would using CloudFormation directly.
For more information on the resources and properties available for this service, see the CloudFormation documentation for AWS::SecurityLake.
(Read the CDK Contributing Guide and submit an RFC if you are interested in contributing to this construct library.)
Documentation
¶
Index ¶
- func CfnAwsLogSource_CFN_RESOURCE_TYPE_NAME() *string
- func CfnAwsLogSource_IsCfnElement(x interface{}) *bool
- func CfnAwsLogSource_IsCfnResource(x interface{}) *bool
- func CfnAwsLogSource_IsConstruct(x interface{}) *bool
- func CfnDataLake_CFN_RESOURCE_TYPE_NAME() *string
- func CfnDataLake_IsCfnElement(x interface{}) *bool
- func CfnDataLake_IsCfnResource(x interface{}) *bool
- func CfnDataLake_IsConstruct(x interface{}) *bool
- func CfnSubscriber_CFN_RESOURCE_TYPE_NAME() *string
- func CfnSubscriber_IsCfnElement(x interface{}) *bool
- func CfnSubscriber_IsCfnResource(x interface{}) *bool
- func CfnSubscriber_IsConstruct(x interface{}) *bool
- func NewCfnAwsLogSource_Override(c CfnAwsLogSource, scope constructs.Construct, id *string, ...)
- func NewCfnDataLake_Override(c CfnDataLake, scope constructs.Construct, id *string, props *CfnDataLakeProps)
- func NewCfnSubscriber_Override(c CfnSubscriber, scope constructs.Construct, id *string, ...)
- type CfnAwsLogSource
- type CfnAwsLogSourceProps
- type CfnDataLake
- type CfnDataLakeProps
- type CfnDataLake_EncryptionConfigurationProperty
- type CfnDataLake_ExpirationProperty
- type CfnDataLake_LifecycleConfigurationProperty
- type CfnDataLake_ReplicationConfigurationProperty
- type CfnDataLake_TransitionsProperty
- type CfnSubscriber
- type CfnSubscriberProps
- type CfnSubscriber_AwsLogSourceProperty
- type CfnSubscriber_CustomLogSourceProperty
- type CfnSubscriber_SourceProperty
- type CfnSubscriber_SubscriberIdentityProperty
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CfnAwsLogSource_CFN_RESOURCE_TYPE_NAME ¶ added in v2.138.0
func CfnAwsLogSource_CFN_RESOURCE_TYPE_NAME() *string
func CfnAwsLogSource_IsCfnElement ¶ added in v2.138.0
func CfnAwsLogSource_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnAwsLogSource_IsCfnResource ¶ added in v2.138.0
func CfnAwsLogSource_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnAwsLogSource_IsConstruct ¶ added in v2.138.0
func CfnAwsLogSource_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnDataLake_CFN_RESOURCE_TYPE_NAME ¶
func CfnDataLake_CFN_RESOURCE_TYPE_NAME() *string
func CfnDataLake_IsCfnElement ¶
func CfnDataLake_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnDataLake_IsCfnResource ¶
func CfnDataLake_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnDataLake_IsConstruct ¶
func CfnDataLake_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnSubscriber_CFN_RESOURCE_TYPE_NAME ¶ added in v2.138.0
func CfnSubscriber_CFN_RESOURCE_TYPE_NAME() *string
func CfnSubscriber_IsCfnElement ¶ added in v2.138.0
func CfnSubscriber_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnSubscriber_IsCfnResource ¶ added in v2.138.0
func CfnSubscriber_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnSubscriber_IsConstruct ¶ added in v2.138.0
func CfnSubscriber_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func NewCfnAwsLogSource_Override ¶ added in v2.138.0
func NewCfnAwsLogSource_Override(c CfnAwsLogSource, scope constructs.Construct, id *string, props *CfnAwsLogSourceProps)
func NewCfnDataLake_Override ¶
func NewCfnDataLake_Override(c CfnDataLake, scope constructs.Construct, id *string, props *CfnDataLakeProps)
func NewCfnSubscriber_Override ¶ added in v2.138.0
func NewCfnSubscriber_Override(c CfnSubscriber, scope constructs.Construct, id *string, props *CfnSubscriberProps)
Types ¶
type CfnAwsLogSource ¶ added in v2.138.0
type CfnAwsLogSource interface {
awscdk.CfnResource
awscdk.IInspectable
// Specify the AWS account information where you want to enable Security Lake.
Accounts() *[]*string
SetAccounts(val *[]*string)
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The Amazon Resource Name (ARN) used to create the data lake.
DataLakeArn() *string
SetDataLakeArn(val *string)
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The name for a AWS source.
SourceName() *string
SetSourceName(val *string)
// The version for a AWS source.
SourceVersion() *string
SetSourceVersion(val *string)
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
Adds a natively supported AWS service as an AWS source.
Enables source types for member accounts in required AWS Regions, based on the parameters you specify. You can choose any source type in any Region for either accounts that are part of a trusted organization or standalone accounts. Once you add an AWS service as a source, Security Lake starts collecting logs and events from it.
> If you want to create multiple sources using `AWS::SecurityLake::AwsLogSource` , you must use the `DependsOn` attribute to create the sources sequentially. With the `DependsOn` attribute you can specify that the creation of a specific `AWSLogSource` follows another. When you add a `DependsOn` attribute to a resource, that resource is created only after the creation of the resource specified in the `DependsOn` attribute. For an example, see [Add AWS log sources](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html#aws-resource-securitylake-awslogsource--examples) .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnAwsLogSource := awscdk.Aws_securitylake.NewCfnAwsLogSource(this, jsii.String("MyCfnAwsLogSource"), &CfnAwsLogSourceProps{
DataLakeArn: jsii.String("dataLakeArn"),
SourceName: jsii.String("sourceName"),
SourceVersion: jsii.String("sourceVersion"),
// the properties below are optional
Accounts: []*string{
jsii.String("accounts"),
},
})
func NewCfnAwsLogSource ¶ added in v2.138.0
func NewCfnAwsLogSource(scope constructs.Construct, id *string, props *CfnAwsLogSourceProps) CfnAwsLogSource
type CfnAwsLogSourceProps ¶ added in v2.138.0
type CfnAwsLogSourceProps struct {
// The Amazon Resource Name (ARN) used to create the data lake.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html#cfn-securitylake-awslogsource-datalakearn
//
DataLakeArn *string `field:"required" json:"dataLakeArn" yaml:"dataLakeArn"`
// The name for a AWS source.
//
// This must be a Regionally unique value. For the list of sources supported by Amazon Security Lake see [Collecting data from AWS services](https://docs.aws.amazon.com//security-lake/latest/userguide/internal-sources.html) in the Amazon Security Lake User Guide.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html#cfn-securitylake-awslogsource-sourcename
//
SourceName *string `field:"required" json:"sourceName" yaml:"sourceName"`
// The version for a AWS source.
//
// For more details about source versions supported by Amazon Security Lake see [OCSF source identification](https://docs.aws.amazon.com//security-lake/latest/userguide/open-cybersecurity-schema-framework.html#ocsf-source-identification) in the Amazon Security Lake User Guide. This must be a Regionally unique value.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html#cfn-securitylake-awslogsource-sourceversion
//
SourceVersion *string `field:"required" json:"sourceVersion" yaml:"sourceVersion"`
// Specify the AWS account information where you want to enable Security Lake.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html#cfn-securitylake-awslogsource-accounts
//
Accounts *[]*string `field:"optional" json:"accounts" yaml:"accounts"`
}
Properties for defining a `CfnAwsLogSource`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnAwsLogSourceProps := &CfnAwsLogSourceProps{
DataLakeArn: jsii.String("dataLakeArn"),
SourceName: jsii.String("sourceName"),
SourceVersion: jsii.String("sourceVersion"),
// the properties below are optional
Accounts: []*string{
jsii.String("accounts"),
},
}
type CfnDataLake ¶
type CfnDataLake interface {
awscdk.CfnResource
awscdk.IInspectable
awscdk.ITaggableV2
// The Amazon Resource Name (ARN) of the data lake.
AttrArn() *string
// The Amazon Resource Name (ARN) of the Amazon S3 bucket.
AttrS3BucketArn() *string
// Tag Manager which manages the tags for this resource.
CdkTagManager() awscdk.TagManager
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// Provides encryption details of the Amazon Security Lake object.
EncryptionConfiguration() interface{}
SetEncryptionConfiguration(val interface{})
// You can customize Security Lake to store data in your preferred AWS Regions for your preferred amount of time.
LifecycleConfiguration() interface{}
SetLifecycleConfiguration(val interface{})
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The Amazon Resource Name (ARN) used to create and update the AWS Glue table.
MetaStoreManagerRoleArn() *string
SetMetaStoreManagerRoleArn(val *string)
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// Provides replication details of Amazon Security Lake object.
ReplicationConfiguration() interface{}
SetReplicationConfiguration(val interface{})
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// An array of objects, one for each tag to associate with the data lake configuration.
Tags() *[]*awscdk.CfnTag
SetTags(val *[]*awscdk.CfnTag)
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
Initializes an Amazon Security Lake instance with the provided (or default) configuration.
You can enable Security Lake in AWS Regions with customized settings before enabling log collection in Regions. To specify particular Regions, configure these Regions using the `configurations` parameter. If you have already enabled Security Lake in a Region when you call this command, the command will update the Region if you provide new configuration parameters. If you have not already enabled Security Lake in the Region when you call this API, it will set up the data lake in the Region with the specified configurations.
When you enable Security Lake , it starts ingesting security data after the `CreateAwsLogSource` call. This includes ingesting security data from sources, storing data, and making data accessible to subscribers. Security Lake also enables all the existing settings and resources that it stores or maintains for your AWS account in the current Region, including security log and event data. For more information, see the [Amazon Security Lake User Guide](https://docs.aws.amazon.com//security-lake/latest/userguide/what-is-security-lake.html) .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnDataLake := awscdk.Aws_securitylake.NewCfnDataLake(this, jsii.String("MyCfnDataLake"), &CfnDataLakeProps{
EncryptionConfiguration: &EncryptionConfigurationProperty{
KmsKeyId: jsii.String("kmsKeyId"),
},
LifecycleConfiguration: &LifecycleConfigurationProperty{
Expiration: &ExpirationProperty{
Days: jsii.Number(123),
},
Transitions: []interface{}{
&TransitionsProperty{
Days: jsii.Number(123),
StorageClass: jsii.String("storageClass"),
},
},
},
MetaStoreManagerRoleArn: jsii.String("metaStoreManagerRoleArn"),
ReplicationConfiguration: &ReplicationConfigurationProperty{
Regions: []*string{
jsii.String("regions"),
},
RoleArn: jsii.String("roleArn"),
},
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
})
func NewCfnDataLake ¶
func NewCfnDataLake(scope constructs.Construct, id *string, props *CfnDataLakeProps) CfnDataLake
type CfnDataLakeProps ¶
type CfnDataLakeProps struct {
// Provides encryption details of the Amazon Security Lake object.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-datalake.html#cfn-securitylake-datalake-encryptionconfiguration
//
EncryptionConfiguration interface{} `field:"optional" json:"encryptionConfiguration" yaml:"encryptionConfiguration"`
// You can customize Security Lake to store data in your preferred AWS Regions for your preferred amount of time.
//
// Lifecycle management can help you comply with different compliance requirements. For more details, see [Lifecycle management](https://docs.aws.amazon.com//security-lake/latest/userguide/lifecycle-management.html) in the Amazon Security Lake User Guide.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-datalake.html#cfn-securitylake-datalake-lifecycleconfiguration
//
LifecycleConfiguration interface{} `field:"optional" json:"lifecycleConfiguration" yaml:"lifecycleConfiguration"`
// The Amazon Resource Name (ARN) used to create and update the AWS Glue table.
//
// This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-datalake.html#cfn-securitylake-datalake-metastoremanagerrolearn
//
MetaStoreManagerRoleArn *string `field:"optional" json:"metaStoreManagerRoleArn" yaml:"metaStoreManagerRoleArn"`
// Provides replication details of Amazon Security Lake object.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-datalake.html#cfn-securitylake-datalake-replicationconfiguration
//
ReplicationConfiguration interface{} `field:"optional" json:"replicationConfiguration" yaml:"replicationConfiguration"`
// An array of objects, one for each tag to associate with the data lake configuration.
//
// For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-datalake.html#cfn-securitylake-datalake-tags
//
Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnDataLake`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnDataLakeProps := &CfnDataLakeProps{
EncryptionConfiguration: &EncryptionConfigurationProperty{
KmsKeyId: jsii.String("kmsKeyId"),
},
LifecycleConfiguration: &LifecycleConfigurationProperty{
Expiration: &ExpirationProperty{
Days: jsii.Number(123),
},
Transitions: []interface{}{
&TransitionsProperty{
Days: jsii.Number(123),
StorageClass: jsii.String("storageClass"),
},
},
},
MetaStoreManagerRoleArn: jsii.String("metaStoreManagerRoleArn"),
ReplicationConfiguration: &ReplicationConfigurationProperty{
Regions: []*string{
jsii.String("regions"),
},
RoleArn: jsii.String("roleArn"),
},
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
}
type CfnDataLake_EncryptionConfigurationProperty ¶
type CfnDataLake_EncryptionConfigurationProperty struct {
// The ID of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-encryptionconfiguration.html#cfn-securitylake-datalake-encryptionconfiguration-kmskeyid
//
KmsKeyId *string `field:"optional" json:"kmsKeyId" yaml:"kmsKeyId"`
}
Provides encryption details of the Amazon Security Lake object.
The AWS shared responsibility model applies to data protection in Amazon Security Lake . As described in this model, AWS is responsible for protecting the global infrastructure that runs all of the AWS Cloud. You are responsible for maintaining control over your content that is hosted on this infrastructure. For more details, see [Data protection](https://docs.aws.amazon.com//security-lake/latest/userguide/data-protection.html) in the Amazon Security Lake User Guide.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
encryptionConfigurationProperty := &EncryptionConfigurationProperty{
KmsKeyId: jsii.String("kmsKeyId"),
}
type CfnDataLake_ExpirationProperty ¶
type CfnDataLake_ExpirationProperty struct {
// The number of days before data expires in the Amazon Security Lake object.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-expiration.html#cfn-securitylake-datalake-expiration-days
//
Days *float64 `field:"optional" json:"days" yaml:"days"`
}
Provides data expiration details of the Amazon Security Lake object.
You can specify your preferred Amazon S3 storage class and the time period for S3 objects to stay in that storage class before they expire. For more information about Amazon S3 Lifecycle configurations, see [Managing your storage lifecycle](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) in the *Amazon Simple Storage Service User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
expirationProperty := &ExpirationProperty{
Days: jsii.Number(123),
}
type CfnDataLake_LifecycleConfigurationProperty ¶
type CfnDataLake_LifecycleConfigurationProperty struct {
// Provides data expiration details of the Amazon Security Lake object.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-lifecycleconfiguration.html#cfn-securitylake-datalake-lifecycleconfiguration-expiration
//
Expiration interface{} `field:"optional" json:"expiration" yaml:"expiration"`
// Provides data storage transition details of Amazon Security Lake object.
//
// By configuring these settings, you can specify your preferred Amazon S3 storage class and the time period for S3 objects to stay in that storage class before they transition to a different storage class.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-lifecycleconfiguration.html#cfn-securitylake-datalake-lifecycleconfiguration-transitions
//
Transitions interface{} `field:"optional" json:"transitions" yaml:"transitions"`
}
Provides lifecycle details of Amazon Security Lake object.
To manage your data so that it is stored cost effectively, you can configure retention settings for the data. You can specify your preferred Amazon S3 storage class and the time period for Amazon S3 objects to stay in that storage class before they transition to a different storage class or expire. For more information about Amazon S3 Lifecycle configurations, see [Managing your storage lifecycle](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) in the *Amazon Simple Storage Service User Guide* .
In Security Lake , you specify retention settings at the Region level. For example, you might choose to transition all S3 objects in a specific AWS Region to the `S3 Standard-IA` storage class 30 days after they're written to the data lake. The default Amazon S3 storage class is S3 Standard.
> Security Lake doesn't support Amazon S3 Object Lock. When the data lake buckets are created, S3 Object Lock is disabled by default. Enabling S3 Object Lock with default retention mode interrupts the delivery of normalized log data to the data lake.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
lifecycleConfigurationProperty := &LifecycleConfigurationProperty{
Expiration: &ExpirationProperty{
Days: jsii.Number(123),
},
Transitions: []interface{}{
&TransitionsProperty{
Days: jsii.Number(123),
StorageClass: jsii.String("storageClass"),
},
},
}
type CfnDataLake_ReplicationConfigurationProperty ¶
type CfnDataLake_ReplicationConfigurationProperty struct {
// Specifies one or more centralized rollup Regions.
//
// The AWS Region specified in the region parameter of the `CreateDataLake` or `UpdateDataLake` operations contributes data to the rollup Region or Regions specified in this parameter.
//
// Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different Regions or within the same Region as the source bucket.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-replicationconfiguration.html#cfn-securitylake-datalake-replicationconfiguration-regions
//
Regions *[]*string `field:"optional" json:"regions" yaml:"regions"`
// Replication settings for the Amazon S3 buckets.
//
// This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake , to ensure the replication setting is correct.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-replicationconfiguration.html#cfn-securitylake-datalake-replicationconfiguration-rolearn
//
RoleArn *string `field:"optional" json:"roleArn" yaml:"roleArn"`
}
Provides replication configuration details for objects stored in the Amazon Security Lake data lake.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
replicationConfigurationProperty := &ReplicationConfigurationProperty{
Regions: []*string{
jsii.String("regions"),
},
RoleArn: jsii.String("roleArn"),
}
type CfnDataLake_TransitionsProperty ¶
type CfnDataLake_TransitionsProperty struct {
// The number of days before data transitions to a different S3 Storage Class in the Amazon Security Lake object.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-transitions.html#cfn-securitylake-datalake-transitions-days
//
Days *float64 `field:"optional" json:"days" yaml:"days"`
// The list of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.
//
// The default storage class is S3 Standard.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-transitions.html#cfn-securitylake-datalake-transitions-storageclass
//
StorageClass *string `field:"optional" json:"storageClass" yaml:"storageClass"`
}
Provides transition lifecycle details of the Amazon Security Lake object.
For more information about Amazon S3 Lifecycle configurations, see [Managing your storage lifecycle](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) in the *Amazon Simple Storage Service User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
transitionsProperty := &TransitionsProperty{
Days: jsii.Number(123),
StorageClass: jsii.String("storageClass"),
}
type CfnSubscriber ¶ added in v2.138.0
type CfnSubscriber interface {
awscdk.CfnResource
awscdk.IInspectable
awscdk.ITaggableV2
// You can choose to notify subscribers of new objects with an Amazon Simple Queue Service (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by the subscriber.
AccessTypes() *[]*string
SetAccessTypes(val *[]*string)
AttrResourceShareArn() *string
AttrResourceShareName() *string
// The Amazon Resource Name (ARN) of the S3 bucket.
AttrS3BucketArn() *string
// The Amazon Resource Name (ARN) of the Security Lake subscriber.
AttrSubscriberArn() *string
// The Amazon Resource Name (ARN) of the role used to create the Security Lake subscriber.
AttrSubscriberRoleArn() *string
// Tag Manager which manages the tags for this resource.
CdkTagManager() awscdk.TagManager
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The Amazon Resource Name (ARN) used to create the data lake.
DataLakeArn() *string
SetDataLakeArn(val *string)
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// Amazon Security Lake supports log and event collection for natively supported AWS services .
Sources() interface{}
SetSources(val interface{})
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// The subscriber descriptions for a subscriber account.
SubscriberDescription() *string
SetSubscriberDescription(val *string)
// The AWS identity used to access your data.
SubscriberIdentity() interface{}
SetSubscriberIdentity(val interface{})
// The name of your Amazon Security Lake subscriber account.
SubscriberName() *string
SetSubscriberName(val *string)
// An array of objects, one for each tag to associate with the subscriber.
Tags() *[]*awscdk.CfnTag
SetTags(val *[]*awscdk.CfnTag)
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
Creates a subscriber for accounts that are already enabled in Amazon Security Lake.
You can create a subscriber with access to data in the current AWS Region.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnSubscriber := awscdk.Aws_securitylake.NewCfnSubscriber(this, jsii.String("MyCfnSubscriber"), &CfnSubscriberProps{
AccessTypes: []*string{
jsii.String("accessTypes"),
},
DataLakeArn: jsii.String("dataLakeArn"),
Sources: []interface{}{
&SourceProperty{
AwsLogSource: &AwsLogSourceProperty{
SourceName: jsii.String("sourceName"),
SourceVersion: jsii.String("sourceVersion"),
},
CustomLogSource: &CustomLogSourceProperty{
SourceName: jsii.String("sourceName"),
SourceVersion: jsii.String("sourceVersion"),
},
},
},
SubscriberIdentity: &SubscriberIdentityProperty{
ExternalId: jsii.String("externalId"),
Principal: jsii.String("principal"),
},
SubscriberName: jsii.String("subscriberName"),
// the properties below are optional
SubscriberDescription: jsii.String("subscriberDescription"),
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
})
func NewCfnSubscriber ¶ added in v2.138.0
func NewCfnSubscriber(scope constructs.Construct, id *string, props *CfnSubscriberProps) CfnSubscriber
type CfnSubscriberProps ¶ added in v2.138.0
type CfnSubscriberProps struct {
// You can choose to notify subscribers of new objects with an Amazon Simple Queue Service (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by the subscriber.
//
// Subscribers can consume data by directly querying AWS Lake Formation tables in your Amazon S3 bucket through services like Amazon Athena. This subscription type is defined as `LAKEFORMATION` .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html#cfn-securitylake-subscriber-accesstypes
//
AccessTypes *[]*string `field:"required" json:"accessTypes" yaml:"accessTypes"`
// The Amazon Resource Name (ARN) used to create the data lake.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html#cfn-securitylake-subscriber-datalakearn
//
DataLakeArn *string `field:"required" json:"dataLakeArn" yaml:"dataLakeArn"`
// Amazon Security Lake supports log and event collection for natively supported AWS services .
//
// For more information, see the [Amazon Security Lake User Guide](https://docs.aws.amazon.com//security-lake/latest/userguide/source-management.html) .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html#cfn-securitylake-subscriber-sources
//
Sources interface{} `field:"required" json:"sources" yaml:"sources"`
// The AWS identity used to access your data.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html#cfn-securitylake-subscriber-subscriberidentity
//
SubscriberIdentity interface{} `field:"required" json:"subscriberIdentity" yaml:"subscriberIdentity"`
// The name of your Amazon Security Lake subscriber account.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html#cfn-securitylake-subscriber-subscribername
//
SubscriberName *string `field:"required" json:"subscriberName" yaml:"subscriberName"`
// The subscriber descriptions for a subscriber account.
//
// The description for a subscriber includes `subscriberName` , `accountID` , `externalID` , and `subscriberId` .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html#cfn-securitylake-subscriber-subscriberdescription
//
SubscriberDescription *string `field:"optional" json:"subscriberDescription" yaml:"subscriberDescription"`
// An array of objects, one for each tag to associate with the subscriber.
//
// For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html#cfn-securitylake-subscriber-tags
//
Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnSubscriber`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnSubscriberProps := &CfnSubscriberProps{
AccessTypes: []*string{
jsii.String("accessTypes"),
},
DataLakeArn: jsii.String("dataLakeArn"),
Sources: []interface{}{
&SourceProperty{
AwsLogSource: &AwsLogSourceProperty{
SourceName: jsii.String("sourceName"),
SourceVersion: jsii.String("sourceVersion"),
},
CustomLogSource: &CustomLogSourceProperty{
SourceName: jsii.String("sourceName"),
SourceVersion: jsii.String("sourceVersion"),
},
},
},
SubscriberIdentity: &SubscriberIdentityProperty{
ExternalId: jsii.String("externalId"),
Principal: jsii.String("principal"),
},
SubscriberName: jsii.String("subscriberName"),
// the properties below are optional
SubscriberDescription: jsii.String("subscriberDescription"),
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
}
type CfnSubscriber_AwsLogSourceProperty ¶ added in v2.138.0
type CfnSubscriber_AwsLogSourceProperty struct {
// Source name of the natively supported AWS service that is supported as an Amazon Security Lake source.
//
// For the list of sources supported by Amazon Security Lake see [Collecting data from AWS services](https://docs.aws.amazon.com//security-lake/latest/userguide/internal-sources.html) in the Amazon Security Lake User Guide.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-awslogsource.html#cfn-securitylake-subscriber-awslogsource-sourcename
//
SourceName *string `field:"optional" json:"sourceName" yaml:"sourceName"`
// Source version of the natively supported AWS service that is supported as an Amazon Security Lake source.
//
// For more details about source versions supported by Amazon Security Lake see [OCSF source identification](https://docs.aws.amazon.com//security-lake/latest/userguide/open-cybersecurity-schema-framework.html#ocsf-source-identification) in the Amazon Security Lake User Guide.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-awslogsource.html#cfn-securitylake-subscriber-awslogsource-sourceversion
//
SourceVersion *string `field:"optional" json:"sourceVersion" yaml:"sourceVersion"`
}
Adds a natively supported AWS service as an Amazon Security Lake source.
Enables source types for member accounts in required AWS Regions, based on the parameters you specify. You can choose any source type in any Region for either accounts that are part of a trusted organization or standalone accounts. Once you add an AWS service as a source, Security Lake starts collecting logs and events from it.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
awsLogSourceProperty := &AwsLogSourceProperty{
SourceName: jsii.String("sourceName"),
SourceVersion: jsii.String("sourceVersion"),
}
type CfnSubscriber_CustomLogSourceProperty ¶ added in v2.138.0
type CfnSubscriber_CustomLogSourceProperty struct {
// The name of the custom log source.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-customlogsource.html#cfn-securitylake-subscriber-customlogsource-sourcename
//
SourceName *string `field:"optional" json:"sourceName" yaml:"sourceName"`
// The source version of the custom log source.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-customlogsource.html#cfn-securitylake-subscriber-customlogsource-sourceversion
//
SourceVersion *string `field:"optional" json:"sourceVersion" yaml:"sourceVersion"`
}
Third-party custom log source that meets the requirements to be added to Amazon Security Lake .
For more details, see [Custom log source](https://docs.aws.amazon.com//security-lake/latest/userguide/custom-sources.html#iam-roles-custom-sources) in the *Amazon Security Lake User Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
customLogSourceProperty := &CustomLogSourceProperty{
SourceName: jsii.String("sourceName"),
SourceVersion: jsii.String("sourceVersion"),
}
type CfnSubscriber_SourceProperty ¶ added in v2.138.0
type CfnSubscriber_SourceProperty struct {
// The natively supported AWS service which is used a Amazon Security Lake source to collect logs and events from.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-source.html#cfn-securitylake-subscriber-source-awslogsource
//
AwsLogSource interface{} `field:"optional" json:"awsLogSource" yaml:"awsLogSource"`
// The custom log source AWS which is used a Amazon Security Lake source to collect logs and events from.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-source.html#cfn-securitylake-subscriber-source-customlogsource
//
CustomLogSource interface{} `field:"optional" json:"customLogSource" yaml:"customLogSource"`
}
Sources are logs and events generated from a single system that match a specific event class in the Open Cybersecurity Schema Framework (OCSF) schema.
Amazon Security Lake can collect logs and events from a variety of sources, including natively supported AWS services and third-party custom sources.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
sourceProperty := &SourceProperty{
AwsLogSource: &AwsLogSourceProperty{
SourceName: jsii.String("sourceName"),
SourceVersion: jsii.String("sourceVersion"),
},
CustomLogSource: &CustomLogSourceProperty{
SourceName: jsii.String("sourceName"),
SourceVersion: jsii.String("sourceVersion"),
},
}
type CfnSubscriber_SubscriberIdentityProperty ¶ added in v2.138.0
type CfnSubscriber_SubscriberIdentityProperty struct {
// The external ID is a unique identifier that the subscriber provides to you.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-subscriberidentity.html#cfn-securitylake-subscriber-subscriberidentity-externalid
//
ExternalId *string `field:"required" json:"externalId" yaml:"externalId"`
// Principals can include accounts, users, roles, federated users, or AWS services.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-subscriberidentity.html#cfn-securitylake-subscriber-subscriberidentity-principal
//
Principal *string `field:"required" json:"principal" yaml:"principal"`
}
Specify the AWS account ID and external ID that the subscriber will use to access source data.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
subscriberIdentityProperty := &SubscriberIdentityProperty{
ExternalId: jsii.String("externalId"),
Principal: jsii.String("principal"),
}
Source Files
¶
- CfnAwsLogSource.go
- CfnAwsLogSourceProps.go
- CfnAwsLogSource__checks.go
- CfnDataLake.go
- CfnDataLakeProps.go
- CfnDataLake_EncryptionConfigurationProperty.go
- CfnDataLake_ExpirationProperty.go
- CfnDataLake_LifecycleConfigurationProperty.go
- CfnDataLake_ReplicationConfigurationProperty.go
- CfnDataLake_TransitionsProperty.go
- CfnDataLake__checks.go
- CfnSubscriber.go
- CfnSubscriberProps.go
- CfnSubscriber_AwsLogSourceProperty.go
- CfnSubscriber_CustomLogSourceProperty.go
- CfnSubscriber_SourceProperty.go
- CfnSubscriber_SubscriberIdentityProperty.go
- CfnSubscriber__checks.go
- main.go
Directories
Click to show internal directories.
Click to hide internal directories.