Custom Log Source
Resource for managing an AWS Security Lake Custom Log Source.
NOTE: The underlying `aws.securitylake.DataLake` must be configured before creating the `aws.securitylake.CustomLogSource`. Use a `depends_on` statement (the `dependsOn` resource option in the examples below).
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Identity of the third-party log provider that will write to Security Lake.
// Both values are samples: use the provider's real AWS principal and a unique
// external ID agreed with that provider, not a shared or guessable string.
const providerIdentity = {
    // External ID used to establish the trust relationship with the principal.
    externalId: "example-id",
    // AWS identity principal of the log provider (a sample account ID here).
    principal: "123456789012",
};

// IAM role used by the AWS Glue crawler for this source. `customLog` is not
// defined in this snippet; it is presumably an IAM role declared elsewhere.
// Scope that role to what the crawler needs.
const crawlerConfiguration = {
    roleArn: customLog.arn,
};

const example = new aws.securitylake.CustomLogSource(
    "example",
    {
        sourceName: "example-name",
        sourceVersion: "1.0",
        // OCSF event class the custom source will send.
        eventClasses: ["FILE_ACTIVITY"],
        configuration: {
            crawlerConfiguration: crawlerConfiguration,
            providerIdentity: providerIdentity,
        },
    },
    {
        // The data lake must be configured before the custom log source is created.
        dependsOn: [exampleAwsSecuritylakeDataLake],
    },
);
import pulumi
import pulumi_aws as aws
# Identity of the third-party log provider that will write to Security Lake.
# Both values are samples: use the provider's real AWS principal and a unique
# external ID agreed with that provider, not a shared or guessable string.
provider_identity = {
    # External ID used to establish the trust relationship with the principal.
    "external_id": "example-id",
    # AWS identity principal of the log provider (a sample account ID here).
    "principal": "123456789012",
}

# IAM role used by the AWS Glue crawler for this source. `custom_log` is not
# defined in this snippet; it is presumably an IAM role declared elsewhere.
# Scope that role to what the crawler needs.
crawler_configuration = {
    "role_arn": custom_log["arn"],
}

example = aws.securitylake.CustomLogSource(
    "example",
    source_name="example-name",
    source_version="1.0",
    # OCSF event class the custom source will send.
    event_classes=["FILE_ACTIVITY"],
    configuration={
        "crawler_configuration": crawler_configuration,
        "provider_identity": provider_identity,
    },
    # The data lake must be configured before the custom log source is created.
    opts=pulumi.ResourceOptions(depends_on=[example_aws_securitylake_data_lake]),
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Identity of the third-party log provider that will write to Security Lake.
    // Both values are samples: use the provider's real AWS principal and a unique
    // external ID agreed with that provider, not a shared or guessable string.
    var providerIdentity = new Aws.SecurityLake.Inputs.CustomLogSourceConfigurationProviderIdentityArgs
    {
        // External ID used to establish the trust relationship with the principal.
        ExternalId = "example-id",
        // AWS identity principal of the log provider (a sample account ID here).
        Principal = "123456789012",
    };

    // IAM role used by the AWS Glue crawler for this source. `customLog` is not
    // defined in this snippet; it is presumably an IAM role declared elsewhere.
    // Scope that role to what the crawler needs.
    var crawlerConfiguration = new Aws.SecurityLake.Inputs.CustomLogSourceConfigurationCrawlerConfigurationArgs
    {
        RoleArn = customLog.Arn,
    };

    var example = new Aws.SecurityLake.CustomLogSource("example", new()
    {
        SourceName = "example-name",
        SourceVersion = "1.0",
        // OCSF event class the custom source will send.
        EventClasses = new[]
        {
            "FILE_ACTIVITY",
        },
        Configuration = new Aws.SecurityLake.Inputs.CustomLogSourceConfigurationArgs
        {
            CrawlerConfiguration = crawlerConfiguration,
            ProviderIdentity = providerIdentity,
        },
    }, new CustomResourceOptions
    {
        // The data lake must be configured before the custom log source is created.
        DependsOn =
        {
            exampleAwsSecuritylakeDataLake,
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securitylake"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Security Lake custom log source that depends on an existing
// data lake resource.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Identity of the third-party log provider that will write to Security Lake.
		// Both values are samples: use the provider's real AWS principal and a unique
		// external ID agreed with that provider, not a shared or guessable string.
		providerIdentity := &securitylake.CustomLogSourceConfigurationProviderIdentityArgs{
			// External ID used to establish the trust relationship with the principal.
			ExternalId: pulumi.String("example-id"),
			// AWS identity principal of the log provider (a sample account ID here).
			Principal: pulumi.String("123456789012"),
		}

		// IAM role used by the AWS Glue crawler for this source. customLog is not
		// defined in this snippet; it is presumably an IAM role declared elsewhere.
		// Scope that role to what the crawler needs.
		crawlerConfiguration := &securitylake.CustomLogSourceConfigurationCrawlerConfigurationArgs{
			RoleArn: pulumi.Any(customLog.Arn),
		}

		sourceArgs := &securitylake.CustomLogSourceArgs{
			SourceName:    pulumi.String("example-name"),
			SourceVersion: pulumi.String("1.0"),
			// OCSF event class the custom source will send.
			EventClasses: pulumi.StringArray{
				pulumi.String("FILE_ACTIVITY"),
			},
			Configuration: &securitylake.CustomLogSourceConfigurationArgs{
				CrawlerConfiguration: crawlerConfiguration,
				ProviderIdentity:     providerIdentity,
			},
		}

		// The data lake must be configured before the custom log source is created.
		dataLakeFirst := pulumi.DependsOn([]pulumi.Resource{
			exampleAwsSecuritylakeDataLake,
		})

		_, err := securitylake.NewCustomLogSource(ctx, "example", sourceArgs, dataLakeFirst)
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securitylake.CustomLogSource;
import com.pulumi.aws.securitylake.CustomLogSourceArgs;
import com.pulumi.aws.securitylake.inputs.CustomLogSourceConfigurationArgs;
import com.pulumi.aws.securitylake.inputs.CustomLogSourceConfigurationCrawlerConfigurationArgs;
import com.pulumi.aws.securitylake.inputs.CustomLogSourceConfigurationProviderIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a Security Lake custom log source which depends
 * on an existing data lake resource.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the custom log source.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Identity of the third-party log provider that will write to Security Lake.
        // Both values are samples: use the provider's real AWS principal and a unique
        // external ID agreed with that provider, not a shared or guessable string.
        var providerIdentity = CustomLogSourceConfigurationProviderIdentityArgs.builder()
            // External ID used to establish the trust relationship with the principal.
            .externalId("example-id")
            // AWS identity principal of the log provider (a sample account ID here).
            .principal("123456789012")
            .build();

        // IAM role used by the AWS Glue crawler for this source. customLog is not
        // defined in this snippet; it is presumably an IAM role declared elsewhere.
        // Scope that role to what the crawler needs.
        var crawlerConfiguration = CustomLogSourceConfigurationCrawlerConfigurationArgs.builder()
            .roleArn(customLog.arn())
            .build();

        var sourceArgs = CustomLogSourceArgs.builder()
            .sourceName("example-name")
            .sourceVersion("1.0")
            // OCSF event class the custom source will send.
            .eventClasses("FILE_ACTIVITY")
            .configuration(CustomLogSourceConfigurationArgs.builder()
                .crawlerConfiguration(crawlerConfiguration)
                .providerIdentity(providerIdentity)
                .build())
            .build();

        // The data lake must be configured before the custom log source is created.
        var resourceOptions = CustomResourceOptions.builder()
            .dependsOn(exampleAwsSecuritylakeDataLake)
            .build();

        var example = new CustomLogSource("example", sourceArgs, resourceOptions);
    }
}
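# Nesting restored: with every key at column 0 the document no longer describes
# a single resource with `properties` and `options` beneath it.
resources:
  example:
    type: aws:securitylake:CustomLogSource
    properties:
      sourceName: example-name
      sourceVersion: '1.0'
      # OCSF event class the custom source will send.
      eventClasses:
        - FILE_ACTIVITY
      configuration:
        crawlerConfiguration:
          # IAM role used by the AWS Glue crawler for this source. `customLog`
          # is not defined in this snippet; it is presumably an IAM role
          # declared elsewhere. Scope that role to what the crawler needs.
          roleArn: ${customLog.arn}
        # Identity of the third-party log provider. Both values are samples:
        # use the provider's real AWS principal and a unique external ID agreed
        # with that provider, not a shared or guessable string.
        providerIdentity:
          # External ID used to establish the trust relationship with the principal.
          externalId: example-id
          # Quoted so the account ID stays a string.
          principal: '123456789012'
    options:
      # The data lake must be configured before the custom log source is created.
      dependsOn:
        - ${exampleAwsSecuritylakeDataLake}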
Import
Using `pulumi import`, import custom log sources using the source name. For example:
$ pulumi import aws:securitylake/customLogSource:CustomLogSource example example-name
Properties
The attributes of a third-party custom source.
The configuration for the third-party custom source.
The Open Cybersecurity Schema Framework (OCSF) event classes that describe the type of data the custom source will send to Security Lake.
The details of the log provider for a third-party custom source.
Specify the name for a third-party custom source. This must be a Regionally unique value. Has a maximum length of 20.
Specify the source version for the third-party custom source, to limit log collection to a specific version of custom data source.