AWS Fundamentals Logo
AWS Fundamentals
L1 ConstructAWS::SecurityLake::DataLake

CfnDataLake

Initializes an Amazon Security Lake instance with the provided (or default) configuration. You can enable Security Lake in AWS Regions with customized settings before enabling log collection in Regions. To specify particular Regions, configure these Regions using the `configurations` parameter. If you have already enabled Security Lake in a Region when you call this command, the command will update the Region if you provide new configuration parameters. If you have not already enabled Security Lake in the Region when you call this API, it will set up the data lake in the Region with the specified configurations. When you enable Security Lake , it starts ingesting security data after the `CreateAwsLogSource` call. This includes ingesting security data from sources, storing data, and making data accessible to subscribers. Security Lake also enables all the existing settings and resources that it stores or maintains for your AWS account in the current Region, including security log and event data. For more information, see the [Amazon Security Lake User Guide](https://docs.aws.amazon.com//security-lake/latest/userguide/what-is-security-lake.html) . > If you use this template to create multiple data lakes in different AWS Regions , and more than one of your data lakes include an [AWS::SecurityLake::AwsLogSource](https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html) resource, then you must deploy these data lakes sequentially. This is required because data lakes operate globally, and `AwsLogSource` resources must be deployed one at a time.

Import

import { CfnDataLake } from 'aws-cdk-lib/aws-securitylake';

Or use the module namespace:

import * as securitylake from 'aws-cdk-lib/aws-securitylake';
// securitylake.CfnDataLake

Properties

Configuration passed to the constructor as CfnDataLakeProps.

encryptionConfigurationOptional
IResolvable | EncryptionConfigurationProperty

Provides encryption details of the Amazon Security Lake object.

lifecycleConfigurationOptional
IResolvable | LifecycleConfigurationProperty

You can customize Security Lake to store data in your preferred AWS Regions for your preferred amount of time. Lifecycle management can help you comply with different compliance requirements. For more details, see [Lifecycle management](https://docs.aws.amazon.com//security-lake/latest/userguide/lifecycle-management.html) in the Amazon Security Lake User Guide.

metaStoreManagerRoleArnOptional
string

The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.

replicationConfigurationOptional
IResolvable | ReplicationConfigurationProperty

Provides replication details of Amazon Security Lake object.

tagsOptional
CfnTag[]

An array of objects, one for each tag to associate with the data lake configuration. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.

CloudFormation Resource

This L1 construct maps directly to the following CloudFormation resource type.

AWS::SecurityLake::DataLakeView in CloudFormation Explorer

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

LevelL1 (CloudFormation)
Moduleaws-securitylake
CFN TypeAWS::SecurityLake::DataLake
Properties5

Related Constructs

Explore This Service

External Links