Docs Home
AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi
aws.securitylake.DataLake
Explore with Pulumi AI
Resource for managing an AWS Security Lake Data Lake.
NOTE: The underlying
aws.securitylake.DataLakemust be configured before creating other Security Lake resources. Use adepends_onstatement.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.securitylake.DataLake("example", {
metaStoreManagerRoleArn: metaStoreManager.arn,
configuration: {
region: "eu-west-1",
encryptionConfigurations: [{
kmsKeyId: "S3_MANAGED_KEY",
}],
lifecycleConfiguration: {
transitions: [
{
days: 31,
storageClass: "STANDARD_IA",
},
{
days: 80,
storageClass: "ONEZONE_IA",
},
],
expiration: {
days: 300,
},
},
},
});
import pulumi
import pulumi_aws as aws
example = aws.securitylake.DataLake("example",
meta_store_manager_role_arn=meta_store_manager["arn"],
configuration={
"region": "eu-west-1",
"encryption_configurations": [{
"kms_key_id": "S3_MANAGED_KEY",
}],
"lifecycle_configuration": {
"transitions": [
{
"days": 31,
"storage_class": "STANDARD_IA",
},
{
"days": 80,
"storage_class": "ONEZONE_IA",
},
],
"expiration": {
"days": 300,
},
},
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securitylake"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securitylake.NewDataLake(ctx, "example", &securitylake.DataLakeArgs{
MetaStoreManagerRoleArn: pulumi.Any(metaStoreManager.Arn),
Configuration: &securitylake.DataLakeConfigurationArgs{
Region: pulumi.String("eu-west-1"),
EncryptionConfigurations: securitylake.DataLakeConfigurationEncryptionConfigurationArray{
&securitylake.DataLakeConfigurationEncryptionConfigurationArgs{
KmsKeyId: pulumi.String("S3_MANAGED_KEY"),
},
},
LifecycleConfiguration: &securitylake.DataLakeConfigurationLifecycleConfigurationArgs{
Transitions: securitylake.DataLakeConfigurationLifecycleConfigurationTransitionArray{
&securitylake.DataLakeConfigurationLifecycleConfigurationTransitionArgs{
Days: pulumi.Int(31),
StorageClass: pulumi.String("STANDARD_IA"),
},
&securitylake.DataLakeConfigurationLifecycleConfigurationTransitionArgs{
Days: pulumi.Int(80),
StorageClass: pulumi.String("ONEZONE_IA"),
},
},
Expiration: &securitylake.DataLakeConfigurationLifecycleConfigurationExpirationArgs{
Days: pulumi.Int(300),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.SecurityLake.DataLake("example", new()
{
MetaStoreManagerRoleArn = metaStoreManager.Arn,
Configuration = new Aws.SecurityLake.Inputs.DataLakeConfigurationArgs
{
Region = "eu-west-1",
EncryptionConfigurations = new[]
{
new Aws.SecurityLake.Inputs.DataLakeConfigurationEncryptionConfigurationArgs
{
KmsKeyId = "S3_MANAGED_KEY",
},
},
LifecycleConfiguration = new Aws.SecurityLake.Inputs.DataLakeConfigurationLifecycleConfigurationArgs
{
Transitions = new[]
{
new Aws.SecurityLake.Inputs.DataLakeConfigurationLifecycleConfigurationTransitionArgs
{
Days = 31,
StorageClass = "STANDARD_IA",
},
new Aws.SecurityLake.Inputs.DataLakeConfigurationLifecycleConfigurationTransitionArgs
{
Days = 80,
StorageClass = "ONEZONE_IA",
},
},
Expiration = new Aws.SecurityLake.Inputs.DataLakeConfigurationLifecycleConfigurationExpirationArgs
{
Days = 300,
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securitylake.DataLake;
import com.pulumi.aws.securitylake.DataLakeArgs;
import com.pulumi.aws.securitylake.inputs.DataLakeConfigurationArgs;
import com.pulumi.aws.securitylake.inputs.DataLakeConfigurationLifecycleConfigurationArgs;
import com.pulumi.aws.securitylake.inputs.DataLakeConfigurationLifecycleConfigurationExpirationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DataLake("example", DataLakeArgs.builder()
.metaStoreManagerRoleArn(metaStoreManager.arn())
.configuration(DataLakeConfigurationArgs.builder()
.region("eu-west-1")
.encryptionConfigurations(DataLakeConfigurationEncryptionConfigurationArgs.builder()
.kmsKeyId("S3_MANAGED_KEY")
.build())
.lifecycleConfiguration(DataLakeConfigurationLifecycleConfigurationArgs.builder()
.transitions(
DataLakeConfigurationLifecycleConfigurationTransitionArgs.builder()
.days(31)
.storageClass("STANDARD_IA")
.build(),
DataLakeConfigurationLifecycleConfigurationTransitionArgs.builder()
.days(80)
.storageClass("ONEZONE_IA")
.build())
.expiration(DataLakeConfigurationLifecycleConfigurationExpirationArgs.builder()
.days(300)
.build())
.build())
.build())
.build());
}
}
resources:
example:
type: aws:securitylake:DataLake
properties:
metaStoreManagerRoleArn: ${metaStoreManager.arn}
configuration:
region: eu-west-1
encryptionConfigurations:
- kmsKeyId: S3_MANAGED_KEY
lifecycleConfiguration:
transitions:
- days: 31
storageClass: STANDARD_IA
- days: 80
storageClass: ONEZONE_IA
expiration:
days: 300
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.securitylake.DataLake("example", {
metaStoreManagerRoleArn: metaStoreManager.arn,
configuration: {
region: "eu-west-1",
encryptionConfigurations: [{
kmsKeyId: "S3_MANAGED_KEY",
}],
},
});
import pulumi
import pulumi_aws as aws
example = aws.securitylake.DataLake("example",
meta_store_manager_role_arn=meta_store_manager["arn"],
configuration={
"region": "eu-west-1",
"encryption_configurations": [{
"kms_key_id": "S3_MANAGED_KEY",
}],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securitylake"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securitylake.NewDataLake(ctx, "example", &securitylake.DataLakeArgs{
MetaStoreManagerRoleArn: pulumi.Any(metaStoreManager.Arn),
Configuration: &securitylake.DataLakeConfigurationArgs{
Region: pulumi.String("eu-west-1"),
EncryptionConfigurations: securitylake.DataLakeConfigurationEncryptionConfigurationArray{
&securitylake.DataLakeConfigurationEncryptionConfigurationArgs{
KmsKeyId: pulumi.String("S3_MANAGED_KEY"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.SecurityLake.DataLake("example", new()
{
MetaStoreManagerRoleArn = metaStoreManager.Arn,
Configuration = new Aws.SecurityLake.Inputs.DataLakeConfigurationArgs
{
Region = "eu-west-1",
EncryptionConfigurations = new[]
{
new Aws.SecurityLake.Inputs.DataLakeConfigurationEncryptionConfigurationArgs
{
KmsKeyId = "S3_MANAGED_KEY",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securitylake.DataLake;
import com.pulumi.aws.securitylake.DataLakeArgs;
import com.pulumi.aws.securitylake.inputs.DataLakeConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DataLake("example", DataLakeArgs.builder()
.metaStoreManagerRoleArn(metaStoreManager.arn())
.configuration(DataLakeConfigurationArgs.builder()
.region("eu-west-1")
.encryptionConfigurations(DataLakeConfigurationEncryptionConfigurationArgs.builder()
.kmsKeyId("S3_MANAGED_KEY")
.build())
.build())
.build());
}
}
resources:
example:
type: aws:securitylake:DataLake
properties:
metaStoreManagerRoleArn: ${metaStoreManager.arn}
configuration:
region: eu-west-1
encryptionConfigurations:
- kmsKeyId: S3_MANAGED_KEY
Create DataLake Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DataLake(name: string, args: DataLakeArgs, opts?: CustomResourceOptions);@overload
def DataLake(resource_name: str,
args: DataLakeArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DataLake(resource_name: str,
opts: Optional[ResourceOptions] = None,
meta_store_manager_role_arn: Optional[str] = None,
configuration: Optional[DataLakeConfigurationArgs] = None,
tags: Optional[Mapping[str, str]] = None,
timeouts: Optional[DataLakeTimeoutsArgs] = None)func NewDataLake(ctx *Context, name string, args DataLakeArgs, opts ...ResourceOption) (*DataLake, error)public DataLake(string name, DataLakeArgs args, CustomResourceOptions? opts = null)
public DataLake(String name, DataLakeArgs args)
public DataLake(String name, DataLakeArgs args, CustomResourceOptions options)
type: aws:securitylake:DataLake
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DataLakeArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DataLakeArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DataLakeArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DataLakeArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DataLakeArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var dataLakeResource = new Aws.SecurityLake.DataLake("dataLakeResource", new()
{
MetaStoreManagerRoleArn = "string",
Configuration = new Aws.SecurityLake.Inputs.DataLakeConfigurationArgs
{
Region = "string",
EncryptionConfigurations = new[]
{
new Aws.SecurityLake.Inputs.DataLakeConfigurationEncryptionConfigurationArgs
{
KmsKeyId = "string",
},
},
LifecycleConfiguration = new Aws.SecurityLake.Inputs.DataLakeConfigurationLifecycleConfigurationArgs
{
Expiration = new Aws.SecurityLake.Inputs.DataLakeConfigurationLifecycleConfigurationExpirationArgs
{
Days = 0,
},
Transitions = new[]
{
new Aws.SecurityLake.Inputs.DataLakeConfigurationLifecycleConfigurationTransitionArgs
{
Days = 0,
StorageClass = "string",
},
},
},
ReplicationConfiguration = new Aws.SecurityLake.Inputs.DataLakeConfigurationReplicationConfigurationArgs
{
Regions = new[]
{
"string",
},
RoleArn = "string",
},
},
Tags =
{
{ "string", "string" },
},
Timeouts = new Aws.SecurityLake.Inputs.DataLakeTimeoutsArgs
{
Create = "string",
Delete = "string",
Update = "string",
},
});
example, err := securitylake.NewDataLake(ctx, "dataLakeResource", &securitylake.DataLakeArgs{
MetaStoreManagerRoleArn: pulumi.String("string"),
Configuration: &securitylake.DataLakeConfigurationArgs{
Region: pulumi.String("string"),
EncryptionConfigurations: securitylake.DataLakeConfigurationEncryptionConfigurationArray{
&securitylake.DataLakeConfigurationEncryptionConfigurationArgs{
KmsKeyId: pulumi.String("string"),
},
},
LifecycleConfiguration: &securitylake.DataLakeConfigurationLifecycleConfigurationArgs{
Expiration: &securitylake.DataLakeConfigurationLifecycleConfigurationExpirationArgs{
Days: pulumi.Int(0),
},
Transitions: securitylake.DataLakeConfigurationLifecycleConfigurationTransitionArray{
&securitylake.DataLakeConfigurationLifecycleConfigurationTransitionArgs{
Days: pulumi.Int(0),
StorageClass: pulumi.String("string"),
},
},
},
ReplicationConfiguration: &securitylake.DataLakeConfigurationReplicationConfigurationArgs{
Regions: pulumi.StringArray{
pulumi.String("string"),
},
RoleArn: pulumi.String("string"),
},
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
Timeouts: &securitylake.DataLakeTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
var dataLakeResource = new DataLake("dataLakeResource", DataLakeArgs.builder()
.metaStoreManagerRoleArn("string")
.configuration(DataLakeConfigurationArgs.builder()
.region("string")
.encryptionConfigurations(DataLakeConfigurationEncryptionConfigurationArgs.builder()
.kmsKeyId("string")
.build())
.lifecycleConfiguration(DataLakeConfigurationLifecycleConfigurationArgs.builder()
.expiration(DataLakeConfigurationLifecycleConfigurationExpirationArgs.builder()
.days(0)
.build())
.transitions(DataLakeConfigurationLifecycleConfigurationTransitionArgs.builder()
.days(0)
.storageClass("string")
.build())
.build())
.replicationConfiguration(DataLakeConfigurationReplicationConfigurationArgs.builder()
.regions("string")
.roleArn("string")
.build())
.build())
.tags(Map.of("string", "string"))
.timeouts(DataLakeTimeoutsArgs.builder()
.create("string")
.delete("string")
.update("string")
.build())
.build());
data_lake_resource = aws.securitylake.DataLake("dataLakeResource",
meta_store_manager_role_arn="string",
configuration={
"region": "string",
"encryption_configurations": [{
"kms_key_id": "string",
}],
"lifecycle_configuration": {
"expiration": {
"days": 0,
},
"transitions": [{
"days": 0,
"storage_class": "string",
}],
},
"replication_configuration": {
"regions": ["string"],
"role_arn": "string",
},
},
tags={
"string": "string",
},
timeouts={
"create": "string",
"delete": "string",
"update": "string",
})
const dataLakeResource = new aws.securitylake.DataLake("dataLakeResource", {
metaStoreManagerRoleArn: "string",
configuration: {
region: "string",
encryptionConfigurations: [{
kmsKeyId: "string",
}],
lifecycleConfiguration: {
expiration: {
days: 0,
},
transitions: [{
days: 0,
storageClass: "string",
}],
},
replicationConfiguration: {
regions: ["string"],
roleArn: "string",
},
},
tags: {
string: "string",
},
timeouts: {
create: "string",
"delete": "string",
update: "string",
},
});
type: aws:securitylake:DataLake
properties:
configuration:
encryptionConfigurations:
- kmsKeyId: string
lifecycleConfiguration:
expiration:
days: 0
transitions:
- days: 0
storageClass: string
region: string
replicationConfiguration:
regions:
- string
roleArn: string
metaStoreManagerRoleArn: string
tags:
string: string
timeouts:
create: string
delete: string
update: string
DataLake Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DataLake resource accepts the following input properties:
- Meta
Store stringManager Role Arn - The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
- Configuration
Data
Lake Configuration - Specify the Region or Regions that will contribute data to the rollup region.
- Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Timeouts
Data
Lake Timeouts
- Meta
Store stringManager Role Arn - The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
- Configuration
Data
Lake Configuration Args - Specify the Region or Regions that will contribute data to the rollup region.
- map[string]string
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Timeouts
Data
Lake Timeouts Args
- meta
Store StringManager Role Arn - The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
- configuration
Data
Lake Configuration - Specify the Region or Regions that will contribute data to the rollup region.
- Map<String,String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Data
Lake Timeouts
- meta
Store stringManager Role Arn - The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
- configuration
Data
Lake Configuration - Specify the Region or Regions that will contribute data to the rollup region.
- {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Data
Lake Timeouts
- meta_
store_ strmanager_ role_ arn - The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
- configuration
Data
Lake Configuration Args - Specify the Region or Regions that will contribute data to the rollup region.
- Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Data
Lake Timeouts Args
- meta
Store StringManager Role Arn - The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
- configuration Property Map
- Specify the Region or Regions that will contribute data to the rollup region.
- Map<String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the DataLake resource produces the following output properties:
- Arn string
- ARN of the Data Lake.
- Id string
- The provider-assigned unique ID for this managed resource.
- S3Bucket
Arn string - The ARN for the Amazon Security Lake Amazon S3 bucket.
- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- Arn string
- ARN of the Data Lake.
- Id string
- The provider-assigned unique ID for this managed resource.
- S3Bucket
Arn string - The ARN for the Amazon Security Lake Amazon S3 bucket.
- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn String
- ARN of the Data Lake.
- id String
- The provider-assigned unique ID for this managed resource.
- s3Bucket
Arn String - The ARN for the Amazon Security Lake Amazon S3 bucket.
- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn string
- ARN of the Data Lake.
- id string
- The provider-assigned unique ID for this managed resource.
- s3Bucket
Arn string - The ARN for the Amazon Security Lake Amazon S3 bucket.
- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn str
- ARN of the Data Lake.
- id str
- The provider-assigned unique ID for this managed resource.
- s3_
bucket_ strarn - The ARN for the Amazon Security Lake Amazon S3 bucket.
- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn String
- ARN of the Data Lake.
- id String
- The provider-assigned unique ID for this managed resource.
- s3Bucket
Arn String - The ARN for the Amazon Security Lake Amazon S3 bucket.
- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
Look up Existing DataLake Resource
Get an existing DataLake resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DataLakeState, opts?: CustomResourceOptions): DataLake@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
configuration: Optional[DataLakeConfigurationArgs] = None,
meta_store_manager_role_arn: Optional[str] = None,
s3_bucket_arn: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
timeouts: Optional[DataLakeTimeoutsArgs] = None) -> DataLakefunc GetDataLake(ctx *Context, name string, id IDInput, state *DataLakeState, opts ...ResourceOption) (*DataLake, error)public static DataLake Get(string name, Input<string> id, DataLakeState? state, CustomResourceOptions? opts = null)public static DataLake get(String name, Output<String> id, DataLakeState state, CustomResourceOptions options)resources: _: type: aws:securitylake:DataLake get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- ARN of the Data Lake.
- Configuration
Data
Lake Configuration - Specify the Region or Regions that will contribute data to the rollup region.
- Meta
Store stringManager Role Arn - The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
- S3Bucket
Arn string - The ARN for the Amazon Security Lake Amazon S3 bucket.
- Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Timeouts
Data
Lake Timeouts
- Arn string
- ARN of the Data Lake.
- Configuration
Data
Lake Configuration Args - Specify the Region or Regions that will contribute data to the rollup region.
- Meta
Store stringManager Role Arn - The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
- S3Bucket
Arn string - The ARN for the Amazon Security Lake Amazon S3 bucket.
- map[string]string
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Timeouts
Data
Lake Timeouts Args
- arn String
- ARN of the Data Lake.
- configuration
Data
Lake Configuration - Specify the Region or Regions that will contribute data to the rollup region.
- meta
Store StringManager Role Arn - The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
- s3Bucket
Arn String - The ARN for the Amazon Security Lake Amazon S3 bucket.
- Map<String,String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts
Data
Lake Timeouts
- arn string
- ARN of the Data Lake.
- configuration
Data
Lake Configuration - Specify the Region or Regions that will contribute data to the rollup region.
- meta
Store stringManager Role Arn - The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
- s3Bucket
Arn string - The ARN for the Amazon Security Lake Amazon S3 bucket.
- {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts
Data
Lake Timeouts
- arn str
- ARN of the Data Lake.
- configuration
Data
Lake Configuration Args - Specify the Region or Regions that will contribute data to the rollup region.
- meta_
store_ strmanager_ role_ arn - The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
- s3_
bucket_ strarn - The ARN for the Amazon Security Lake Amazon S3 bucket.
- Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts
Data
Lake Timeouts Args
- arn String
- ARN of the Data Lake.
- configuration Property Map
- Specify the Region or Regions that will contribute data to the rollup region.
- meta
Store StringManager Role Arn - The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
- s3Bucket
Arn String - The ARN for the Amazon Security Lake Amazon S3 bucket.
- Map<String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts Property Map
Supporting Types
DataLakeConfiguration, DataLakeConfigurationArgs
- Region string
- The AWS Regions where Security Lake is automatically enabled.
- Encryption
Configurations List<DataLake Configuration Encryption Configuration> - Provides encryption details of Amazon Security Lake object.
- Lifecycle
Configuration DataLake Configuration Lifecycle Configuration - Provides lifecycle details of Amazon Security Lake object.
- Replication
Configuration DataLake Configuration Replication Configuration - Provides replication details of Amazon Security Lake object.
- Region string
- The AWS Regions where Security Lake is automatically enabled.
- Encryption
Configurations []DataLake Configuration Encryption Configuration - Provides encryption details of Amazon Security Lake object.
- Lifecycle
Configuration DataLake Configuration Lifecycle Configuration - Provides lifecycle details of Amazon Security Lake object.
- Replication
Configuration DataLake Configuration Replication Configuration - Provides replication details of Amazon Security Lake object.
- region String
- The AWS Regions where Security Lake is automatically enabled.
- encryption
Configurations List<DataLake Configuration Encryption Configuration> - Provides encryption details of Amazon Security Lake object.
- lifecycle
Configuration DataLake Configuration Lifecycle Configuration - Provides lifecycle details of Amazon Security Lake object.
- replication
Configuration DataLake Configuration Replication Configuration - Provides replication details of Amazon Security Lake object.
- region string
- The AWS Regions where Security Lake is automatically enabled.
- encryption
Configurations DataLake Configuration Encryption Configuration[] - Provides encryption details of Amazon Security Lake object.
- lifecycle
Configuration DataLake Configuration Lifecycle Configuration - Provides lifecycle details of Amazon Security Lake object.
- replication
Configuration DataLake Configuration Replication Configuration - Provides replication details of Amazon Security Lake object.
- region str
- The AWS Regions where Security Lake is automatically enabled.
- encryption_
configurations Sequence[DataLake Configuration Encryption Configuration] - Provides encryption details of Amazon Security Lake object.
- lifecycle_
configuration DataLake Configuration Lifecycle Configuration - Provides lifecycle details of Amazon Security Lake object.
- replication_
configuration DataLake Configuration Replication Configuration - Provides replication details of Amazon Security Lake object.
- region String
- The AWS Regions where Security Lake is automatically enabled.
- encryption
Configurations List<Property Map> - Provides encryption details of Amazon Security Lake object.
- lifecycle
Configuration Property Map - Provides lifecycle details of Amazon Security Lake object.
- replication
Configuration Property Map - Provides replication details of Amazon Security Lake object.
DataLakeConfigurationEncryptionConfiguration, DataLakeConfigurationEncryptionConfigurationArgs
- Kms
Key stringId - The id of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object.
- Kms
Key stringId - The id of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object.
- kms
Key StringId - The id of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object.
- kms
Key stringId - The id of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object.
- kms_
key_ strid - The id of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object.
- kms
Key StringId - The id of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object.
DataLakeConfigurationLifecycleConfiguration, DataLakeConfigurationLifecycleConfigurationArgs
- Expiration
Data
Lake Configuration Lifecycle Configuration Expiration - Provides data expiration details of Amazon Security Lake object.
- Transitions
List<Data
Lake Configuration Lifecycle Configuration Transition> - Provides data storage transition details of Amazon Security Lake object.
- Expiration
Data
Lake Configuration Lifecycle Configuration Expiration - Provides data expiration details of Amazon Security Lake object.
- Transitions
[]Data
Lake Configuration Lifecycle Configuration Transition - Provides data storage transition details of Amazon Security Lake object.
- expiration
Data
Lake Configuration Lifecycle Configuration Expiration - Provides data expiration details of Amazon Security Lake object.
- transitions
List<Data
Lake Configuration Lifecycle Configuration Transition> - Provides data storage transition details of Amazon Security Lake object.
- expiration
Data
Lake Configuration Lifecycle Configuration Expiration - Provides data expiration details of Amazon Security Lake object.
- transitions
Data
Lake Configuration Lifecycle Configuration Transition[] - Provides data storage transition details of Amazon Security Lake object.
- expiration
Data
Lake Configuration Lifecycle Configuration Expiration - Provides data expiration details of Amazon Security Lake object.
- transitions
Sequence[Data
Lake Configuration Lifecycle Configuration Transition] - Provides data storage transition details of Amazon Security Lake object.
- expiration Property Map
- Provides data expiration details of Amazon Security Lake object.
- transitions List<Property Map>
- Provides data storage transition details of Amazon Security Lake object.
DataLakeConfigurationLifecycleConfigurationExpiration, DataLakeConfigurationLifecycleConfigurationExpirationArgs
- Days int
- Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object.
- Days int
- Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object.
- days Integer
- Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object.
- days number
- Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object.
- days int
- Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object.
- days Number
- Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object.
DataLakeConfigurationLifecycleConfigurationTransition, DataLakeConfigurationLifecycleConfigurationTransitionArgs
- Days int
- Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object.
- Storage
Class string - The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.
- Days int
- Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object.
- Storage
Class string - The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.
- days Integer
- Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object.
- storage
Class String - The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.
- days number
- Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object.
- storage
Class string - The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.
- days int
- Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object.
- storage_
class str - The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.
- days Number
- Number of days before data transition to a different S3 Storage Class in the Amazon Security Lake object.
- storage
Class String - The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.
DataLakeConfigurationReplicationConfiguration, DataLakeConfigurationReplicationConfigurationArgs
- Regions List<string>
- Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different AWS Regions or within the same Region as the source bucket.
- Role
Arn string - Replication settings for the Amazon S3 buckets. This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct.
- Regions []string
- Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different AWS Regions or within the same Region as the source bucket.
- Role
Arn string - Replication settings for the Amazon S3 buckets. This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct.
- regions List<String>
- Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different AWS Regions or within the same Region as the source bucket.
- role
Arn String - Replication settings for the Amazon S3 buckets. This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct.
- regions string[]
- Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different AWS Regions or within the same Region as the source bucket.
- role
Arn string - Replication settings for the Amazon S3 buckets. This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct.
- regions Sequence[str]
- Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different AWS Regions or within the same Region as the source bucket.
- role_
arn str - Replication settings for the Amazon S3 buckets. This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct.
- regions List<String>
- Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different AWS Regions or within the same Region as the source bucket.
- role
Arn String - Replication settings for the Amazon S3 buckets. This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct.
DataLakeTimeouts, DataLakeTimeoutsArgs
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
Import
Using pulumi import, import Security Hub standards subscriptions using the standards subscription ARN. For example:
$ pulumi import aws:securitylake/dataLake:DataLake example arn:aws:securitylake:eu-west-1:123456789012:data-lake/default
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.