本文档仅适用于 AWS CLI 版本 1。有关 AWS CLI 版本 2 的相关文档,请参阅版本 2 用户指南。
使用 AWS CLI 的 Security Lake 示例
以下代码示例演示了如何通过将 AWS Command Line Interface与 Security Lake 结合使用,来执行操作和实现常见场景。
操作是大型程序的代码摘录,必须在上下文中运行。您可以通过操作了解如何调用单个服务函数,还可以通过函数相关场景的上下文查看操作。
每个示例都包含一个指向完整源代码的链接,您可以从中找到有关如何在上下文中设置和运行代码的说明。
主题
操作
以下代码示例演示了如何使用 create-aws-logsource。
- AWS CLI
-
将原生支持的 Amazon Web Service 添加为 Amazon Security Lake 源
以下
create-aws-logsource示例在指定账户和区域中添加 VPC 流日志作为 Security Lake 源。aws securitylake create-aws-log-source \ --sources '[{"regions": ["us-east-1"], "accounts": ["123456789012"], "sourceName": "SH_FINDINGS", "sourceVersion": "2.0"}]'输出:
{ "failed": [ "123456789012" ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的添加 AWS 服务作为源。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 CreateAwsLogsource
。
-
以下代码示例演示了如何使用 create-custom-logsource。
- AWS CLI
-
将自定义源添加为 Amazon Security Lake 源
以下
create-custom-logsource示例在指定日志提供商账户和指定区域中添加自定义源作为 Security Lake 源。aws securitylake create-custom-log-source \ --source-name"VPC_FLOW"\ --event-classes '["DNS_ACTIVITY", "NETWORK_ACTIVITY"]' \ --configuration '{"crawlerConfiguration": {"roleArn": "arn:aws:glue:eu-west-2:123456789012:crawler/E1WG1ZNPRXT0D4"},"providerIdentity": {"principal": "029189416600","externalId": "123456789012"}}' --region"us-east-1"输出:
{ "customLogSource": { "attributes": { "crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/E1WG1ZNPRXT0D4", "databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/E1WG1ZNPRXT0D4", "tableArn": "arn:aws:glue:eu-west-2:123456789012:table/E1WG1ZNPRXT0D4" }, "provider": { "location": "DOC-EXAMPLE-BUCKET--usw2-az1--x-s3", "roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-Provider-testCustom2-eu-west-2" }, "sourceName": "testCustom2" "sourceVersion": "2.0" } }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的添加自定义源。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 CreateCustomLogsource
。
-
以下代码示例演示了如何使用 create-data-lake-exception-subscription。
- AWS CLI
-
发送 Security Lake 异常通知
以下
create-data-lake-exception-subscription示例通过短信向指定账户发送有关 Security Lake 异常的通知。异常消息将在指定时间段内保留。aws securitylake create-data-lake-exception-subscription \ --notification-endpoint"123456789012"\ --exception-time-to-live30\ --subscription-protocol"sms"此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》中的 Amazon Security Lake 故障排除。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 CreateDataLakeExceptionSubscription
。
-
以下代码示例演示了如何使用 create-data-lake-organization-configuration。
- AWS CLI
-
在新组织账户中配置 Security Lake
以下
create-data-lake-organization-configuration示例启用 Security Lake 以及新组织账户中指定源事件和日志的收集。aws securitylake create-data-lake-organization-configuration \ --auto-enable-new-account '[{"region":"us-east-1","sources":[{"sourceName":"SH_FINDINGS","sourceVersion": "1.0"}]}]'此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》中的使用 AWS Organizations 管理多个账户。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 CreateDataLakeOrganizationConfiguration
。
-
以下代码示例演示了如何使用 create-data-lake。
- AWS CLI
-
示例 1:在多个区域配置数据湖
以下
create-data-lake示例在多个 AWS 区域启用 Amazon Security Lake 并配置您的数据湖。aws securitylake create-data-lake \ --configurations '[{"encryptionConfiguration": {"kmsKeyId":"S3_MANAGED_KEY"},"region":"us-east-1","lifecycleConfiguration": {"expiration":{"days":365},"transitions":[{"days":60,"storageClass":"ONEZONE_IA"}]}}, {"encryptionConfiguration": {"kmsKeyId":"S3_MANAGED_KEY"},"region":"us-east-2","lifecycleConfiguration": {"expiration":{"days":365},"transitions":[{"days":60,"storageClass":"ONEZONE_IA"}]}}]' \ --meta-store-manager-role-arn"arn:aws:iam:us-east-1:123456789012:role/service-role/AmazonSecurityLakeMetaStoreManager"输出:
{ "dataLakes": [ { "createStatus": "COMPLETED", "dataLakeArn": "arn:aws:securitylake:us-east-1:522481757177:data-lake/default", "encryptionConfiguration": { "kmsKeyId": "S3_MANAGED_KEY" }, "lifecycleConfiguration": { "expiration": { "days": 365 }, "transitions": [ { "days": 60, "storageClass": "ONEZONE_IA" } ] }, "region": "us-east-1", "replicationConfiguration": { "regions": [ "ap-northeast-3" ], "roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default" }, "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-1-gnevt6s8z7bzby8oi3uiaysbr8v2ml", "updateStatus": { "exception": {}, "requestId": "f20a6450-d24a-4f87-a6be-1d4c075a59c2", "status": "INITIALIZED" } }, { "createStatus": "COMPLETED", "dataLakeArn": "arn:aws:securitylake:us-east-2:522481757177:data-lake/default", "encryptionConfiguration": { "kmsKeyId": "S3_MANAGED_KEY" }, "lifecycleConfiguration": { "expiration": { "days": 365 }, "transitions": [ { "days": 60, "storageClass": "ONEZONE_IA" } ] }, "region": "us-east-2", "replicationConfiguration": { "regions": [ "ap-northeast-3" ], "roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default" }, "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-2-cehuifzl5rwmhm6m62h7zhvtseogr9", "updateStatus": { "exception": {}, "requestId": "f20a6450-d24a-4f87-a6be-1d4c075a59c2", "status": "INITIALIZED" } } ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的 Amazon Security Lake 入门。
示例 2:在单个区域配置数据湖
以下
create-data-lake示例在单个 AWS 区域启用 Amazon Security Lake 并配置您的数据湖。aws securitylake create-data-lake \ --configurations '[{"encryptionConfiguration": {"kmsKeyId":"1234abcd-12ab-34cd-56ef-1234567890ab"},"region":"us-east-2","lifecycleConfiguration": {"expiration":{"days":500},"transitions":[{"days":30,"storageClass":"GLACIER"}]}}]' \ --meta-store-manager-role-arn"arn:aws:iam:us-east-1:123456789012:role/service-role/AmazonSecurityLakeMetaStoreManager"输出:
{ "dataLakes": [ { "createStatus": "COMPLETED", "dataLakeArn": "arn:aws:securitylake:us-east-2:522481757177:data-lake/default", "encryptionConfiguration": { "kmsKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "lifecycleConfiguration": { "expiration": { "days": 500 }, "transitions": [ { "days": 30, "storageClass": "GLACIER" } ] }, "region": "us-east-2", "replicationConfiguration": { "regions": [ "ap-northeast-3" ], "roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default" }, "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-2-cehuifzl5rwmhm6m62h7zhvtseogr9", "updateStatus": { "exception": {}, "requestId": "77702a53-dcbf-493e-b8ef-518e362f3003", "status": "INITIALIZED" } } ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的 Amazon Security Lake 入门。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 CreateDataLake
。
-
以下代码示例演示了如何使用 create-subscriber-data-access。
- AWS CLI
-
创建具有数据访问权限的订阅用户
以下
create-subscriber示例在 Security Lake 中创建一个订阅用户,该订阅用户可以访问当前 AWS 区域中为 AWS 源指定的订阅用户身份数据。aws securitylake create-subscriber \ --access-types"S3"\ --sources '[{"awsLogSource": {"sourceName": "VPC_FLOW","sourceVersion": "2.0"}}]' \ --subscriber-name"opensearch-s3"\ --subscriber-identity '{"principal": "029189416600","externalId": "123456789012"}'输出:
{ "subscriber": { "accessTypes": [ "S3" ], "createdAt": "2024-07-17T19:08:26.787000+00:00", "roleArn": "arn:aws:iam::773172568199:role/AmazonSecurityLake-896f218b-cfba-40be-a255-8b49a65d0407", "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-1-um632ufwpvxkyz0bc5hkb64atycnf3", "sources": [ { "awsLogSource": { "sourceName": "VPC_FLOW", "sourceVersion": "2.0" } } ], "subscriberArn": "arn:aws:securitylake:us-east-1:773172568199:subscriber/896f218b-cfba-40be-a255-8b49a65d0407", "subscriberId": "896f218b-cfba-40be-a255-8b49a65d0407", "subscriberIdentity": { "externalId": "123456789012", "principal": "029189416600" }, "subscriberName": "opensearch-s3", "subscriberStatus": "ACTIVE", "updatedAt": "2024-07-17T19:08:27.133000+00:00" } }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的创建具有数据访问权限的订阅用户。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 CreateSubscriberDataAccess
。
-
以下代码示例演示了如何使用 create-subscriber-notification。
- AWS CLI
-
创建订阅用户通知
以下
create-subscriber-notification示例说明如何指定订阅用户通知,以便在向数据湖写入新数据时创建通知。aws securitylake create-subscriber-notification \ --subscriber-id"12345ab8-1a34-1c34-1bd4-12345ab9012"\ --configuration '{"httpsNotificationConfiguration": {"targetRoleArn":"arn:aws:iam::XXX:role/service-role/RoleName", "endpoint":"https://account-management.$3.$2.securitylake.aws.dev/v1/datalake"}}'输出:
{ "subscriberEndpoint": [ "https://account-management.$3.$2.securitylake.aws.dev/v1/datalake" ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的订阅用户管理。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 CreateSubscriberNotification
。
-
以下代码示例演示了如何使用 create-subscriber-query-access。
- AWS CLI
-
创建具有查询访问权限的订阅用户
以下
create-subscriber示例在 Security Lake 中为指定的订阅用户身份创建一个在当前 AWS 区域具有查询访问权限的订阅用户。aws securitylake create-subscriber \ --access-types"LAKEFORMATION"\ --sources '[{"awsLogSource": {"sourceName": "VPC_FLOW","sourceVersion": "2.0"}}]' \ --subscriber-name"opensearch-s3"\ --subscriber-identity '{"principal": "029189416600","externalId": "123456789012"}'输出:
{ "subscriber": { "accessTypes": [ "LAKEFORMATION" ], "createdAt": "2024-07-18T01:05:55.853000+00:00", "resourceShareArn": "arn:aws:ram:us-east-1:123456789012:resource-share/8c31da49-c224-4f1e-bb12-37ab756d6d8a", "resourceShareName": "LakeFormation-V2-NAMENAMENA-123456789012", "sources": [ { "awsLogSource": { "sourceName": "VPC_FLOW", "sourceVersion": "2.0" } } ], "subscriberArn": "arn:aws:securitylake:us-east-1:123456789012:subscriber/e762aabb-ce3d-4585-beab-63474597845d", "subscriberId": "e762aabb-ce3d-4585-beab-63474597845d", "subscriberIdentity": { "externalId": "123456789012", "principal": "029189416600" }, "subscriberName": "opensearch-s3", "subscriberStatus": "ACTIVE", "updatedAt": "2024-07-18T01:05:58.393000+00:00" } }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的创建具有查询访问权限的订阅用户。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 CreateSubscriberQueryAccess
。
-
以下代码示例演示了如何使用 delete-aws-logsource。
- AWS CLI
-
移除原生支持的 AWS 服务
以下
delete-aws-logsource示例在指定账户和区域中删除 VPC 流日志作为 Security Lake 源。aws securitylake delete-aws-log-source \ --sources '[{"regions": ["us-east-1"], "accounts": ["123456789012"], "sourceName": "SH_FINDINGS", "sourceVersion": "2.0"}]'输出:
{ "failed": [ "123456789012" ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的移除 AWS 服务作为源。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 DeleteAwsLogsource
。
-
以下代码示例演示了如何使用 delete-custom-logsource。
- AWS CLI
-
移除自定义源
以下
delete-custom-logsource示例在指定日志提供商账户和指定区域中删除自定义源。aws securitylake delete-custom-log-source \ --source-name"CustomSourceName"此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》中的删除自定义源。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 DeleteCustomLogsource
。
-
以下代码示例演示了如何使用 delete-data-lake-organization-configuration。
- AWS CLI
-
停止在成员账户中自动收集源
以下
delete-data-lake-organization-configuration示例停止从加入组织的新成员账户中自动收集 AWS Security Hub 调查发现。只有委托的 Security Lake 管理员才能运行此命令。它可以防止新成员账户自动向数据湖提供数据。aws securitylake delete-data-lake-organization-configuration \ --auto-enable-new-account '[{"region":"us-east-1","sources":[{"sourceName":"SH_FINDINGS"}]}]'此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》中的使用 AWS Organizations 管理多个账户。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 DeleteDataLakeOrganizationConfiguration
。
-
以下代码示例演示了如何使用 delete-data-lake。
- AWS CLI
-
禁用您的数据湖
以下
delete-data-lake示例在指定 AWS 区域禁用您的数据湖。在指定的区域中,源不再向数据湖提供数据。对于利用 AWS Organizations 的 Security Lake 部署,只有该组织的委托 Security Lake 管理员才能为组织中的账户禁用 Security Lake。aws securitylake delete-data-lake \ --regions"ap-northeast-1""eu-central-1"此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》中的禁用 Amazon Security Lake。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 DeleteDataLake
。
-
以下代码示例演示了如何使用 delete-subscriber-notification。
- AWS CLI
-
删除订阅用户通知
以下
delete-subscriber-notification示例说明如何删除特定 Security Lake 订阅用户的订阅用户通知。aws securitylake delete-subscriber-notification \ --subscriber-id"a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》中的订阅用户管理。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 DeleteSubscriberNotification
。
-
以下代码示例演示了如何使用 delete-subscriber。
- AWS CLI
-
删除订阅用户
以下
delete-subscriber示例说明如果您不再希望某个订阅用户访问 Security Lake 中的数据,如何移除该订阅用户。aws securitylake delete-subscriber \ --subscriber-id"a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》中的订阅用户管理。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 DeleteSubscriber
。
-
以下代码示例演示了如何使用 get-data-lake-exception-subscription。
- AWS CLI
-
获取有关异常订阅的详细信息
以下
get-data-lake-exception-subscription示例提供有关 Security Lake 异常订阅的详细信息。在此示例中,指定 AWS 账户的用户会通过短信收到错误通知。异常消息将在指定时间段内保留在账户中。异常订阅会通过请求者的首选协议向 Security Lake 用户通报错误。aws securitylake get-data-lake-exception-subscription输出:
{ "exceptionTimeToLive": 30, "notificationEndpoint": "123456789012", "subscriptionProtocol": "sms" }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的数据湖状态故障排除。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 GetDataLakeExceptionSubscription
。
-
以下代码示例演示了如何使用 get-data-lake-organization-configuration。
- AWS CLI
-
获取有关新组织账户配置的详细信息
以下
get-data-lake-organization-configuration示例检索有关新组织账户在加入 Amazon Security Lake 后将发送的源日志的详细信息。aws securitylake get-data-lake-organization-configuration输出:
{ "autoEnableNewAccount": [ { "region": "us-east-1", "sources": [ { "sourceName": "VPC_FLOW", "sourceVersion": "1.0" }, { "sourceName": "ROUTE53", "sourceVersion": "1.0" }, { "sourceName": "SH_FINDINGS", "sourceVersion": "1.0" } ] } ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的使用 AWS Organizations 管理多个账户。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 GetDataLakeOrganizationConfiguration
。
-
以下代码示例演示了如何使用 get-data-lake-sources。
- AWS CLI
-
获取日志收集的状态
以下
get-data-lake-sources示例获取当前 AWS 区域中指定账户的日志收集快照。该账户已启用 Amazon Security Lake。aws securitylake get-data-lake-sources \ --accounts"123456789012"输出:
{ "dataLakeSources": [ { "account": "123456789012", "sourceName": "SH_FINDINGS", "sourceStatuses": [ { "resource": "vpc-1234567890abcdef0", "status": "COLLECTING" } ] }, { "account": "123456789012", "sourceName": "VPC_FLOW", "sourceStatuses": [ { "resource": "vpc-1234567890abcdef0", "status": "NOT_COLLECTING" } ] }, { "account": "123456789012", "sourceName": "LAMBDA_EXECUTION", "sourceStatuses": [ { "resource": "vpc-1234567890abcdef0", "status": "COLLECTING" } ] }, { "account": "123456789012", "sourceName": "ROUTE53", "sourceStatuses": [ { "resource": "vpc-1234567890abcdef0", "status": "COLLECTING" } ] }, { "account": "123456789012", "sourceName": "CLOUD_TRAIL_MGMT", "sourceStatuses": [ { "resource": "vpc-1234567890abcdef0", "status": "COLLECTING" } ] } ], "dataLakeArn": null }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的从 AWS 服务收集数据。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 GetDataLakeSources
。
-
以下代码示例演示了如何使用 get-subscriber。
- AWS CLI
-
检索订阅信息
以下
get-subscriber示例检索指定 Securiy Lake 订阅用户的订阅信息。aws securitylake get-subscriber \ --subscriber-ida1b2c3d4-5678-90ab-cdef-EXAMPLE11111输出:
{ "subscriber": { "accessTypes": [ "LAKEFORMATION" ], "createdAt": "2024-04-19T15:19:44.421803+00:00", "resourceShareArn": "arn:aws:ram:eu-west-2:123456789012:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "resourceShareName": "LakeFormation-V3-TKJGBHCKTZ-123456789012", "sources": [ { "awsLogSource": { "sourceName": "LAMBDA_EXECUTION", "sourceVersion": "1.0" } }, { "awsLogSource": { "sourceName": "EKS_AUDIT", "sourceVersion": "2.0" } }, { "awsLogSource": { "sourceName": "ROUTE53", "sourceVersion": "1.0" } }, { "awsLogSource": { "sourceName": "SH_FINDINGS", "sourceVersion": "1.0" } }, { "awsLogSource": { "sourceName": "VPC_FLOW", "sourceVersion": "1.0" } }, { "customLogSource": { "attributes": { "crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/testCustom2", "databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/amazon_security_lake_glue_db_eu_west_2", "tableArn": "arn:aws:glue:eu-west-2:123456789012:table/amazon_security_lake_table_eu_west_2_ext_testcustom2" }, "provider": { "location": "s3://aws-security-data-lake-eu-west-2-8ugsus4ztnsfpjbldwbgf4vge98av9/ext/testCustom2/", "roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-Provider-testCustom2-eu-west-2" }, "sourceName": "testCustom2" } }, { "customLogSource": { "attributes": { "crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/TestCustom", "databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/amazon_security_lake_glue_db_eu_west_2", "tableArn": "arn:aws:glue:eu-west-2:123456789012:table/amazon_security_lake_table_eu_west_2_ext_testcustom" }, "provider": { "location": "s3://aws-security-data-lake-eu-west-2-8ugsus4ztnsfpjbldwbgf4vge98av9/ext/TestCustom/", "roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-Provider-TestCustom-eu-west-2" }, "sourceName": "TestCustom" } } ], "subscriberArn": "arn:aws:securitylake:eu-west-2:123456789012:subscriber/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "subscriberId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "subscriberIdentity": { "externalId": "123456789012", "principal": "123456789012" }, "subscriberName": "test", "subscriberStatus": "ACTIVE", "updatedAt": "2024-04-19T15:19:55.230588+00:00" } }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的订阅用户管理。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 GetSubscriber
。
-
以下代码示例演示了如何使用 list-data-lake-exceptions。
- AWS CLI
-
列出影响您数据湖的问题
以下
list-data-lake-exceptions示例列出在过去 14 天内在指定 AWS 区域中影响您数据湖的问题。aws securitylake list-data-lake-exceptions \ --regions"us-east-1""eu-west-3"输出:
{ "exceptions": [ { "exception": "The account does not have the required role permissions. Update your role permissions to use the new data source version.", "region": "us-east-1", "timestamp": "2024-02-29T12:24:15.641725+00:00" }, { "exception": "The account does not have the required role permissions. Update your role permissions to use the new data source version.", "region": "eu-west-3", "timestamp": "2024-02-29T12:24:15.641725+00:00" } ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的 Amazon Security Lake 故障排除。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 ListDataLakeExceptions
。
-
以下代码示例演示了如何使用 list-data-lakes。
- AWS CLI
-
列出 Security Lake 配置对象
以下
list-data-lakes示例列出指定 AWS 区域的 Amazon Security Lake 配置对象。您可以使用此命令来确定是否在指定区域中启用了 Security Lake。aws securitylake list-data-lakes \ --regions"us-east-1"输出:
{ "dataLakes": [ { "createStatus": "COMPLETED", "dataLakeArn": "arn:aws:securitylake:us-east-1:123456789012:data-lake/default", "encryptionConfiguration": { "kmsKeyId": "S3_MANAGED_KEY" }, "lifecycleConfiguration": { "expiration": { "days": 365 }, "transitions": [ { "days": 60, "storageClass": "ONEZONE_IA" } ] }, "region": "us-east-1", "replicationConfiguration": { "regions": [ "ap-northeast-3" ], "roleArn": "arn:aws:securitylake:ap-northeast-3:123456789012:data-lake/default" }, "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-1-1234567890abcdef0", "updateStatus": { "exception": { "code": "software.amazon.awssdk.services.s3.model.S3Exception", "reason": "" }, "requestId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "status": "FAILED" } } ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的检查区域状态。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 ListDataLakes
。
-
以下代码示例演示了如何使用 list-log-sources。
- AWS CLI
-
检索 Amazon Security Lake 日志源
以下
list-log-sources示例列出指定账户中的 Amazon Security Lake 日志源。aws securitylake list-log-sources \ --accounts"123456789012"输出:
{ "account": "123456789012", "region": "xy-region-1", "sources": [ { "awsLogSource": { "sourceName": "VPC_FLOW", "sourceVersion": "2.0" } }, { "awsLogSource": { "sourceName": "SH_FINDINGS", "sourceVersion": "2.0" } } ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的源管理。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 ListLogSources
。
-
以下代码示例演示了如何使用 list-subscribers。
- AWS CLI
-
检索 Amazon Security Lake 订阅用户
以下
list-subscribers示例列出指定账户中的所有 Amazon Security Lake 订阅用户。aws securitylake list-subscribers输出:
{ "subscribers": [ { "accessTypes": [ "S3" ], "createdAt": "2024-06-04T15:02:28.921000+00:00", "roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-E1WG1ZNPRXT0D4", "s3BucketArn": "DOC-EXAMPLE-BUCKET--usw2-az1--x-s3", "sources": [ { "awsLogSource": { "sourceName": "CLOUD_TRAIL_MGMT", "sourceVersion": "2.0" } }, { "awsLogSource": { "sourceName": "LAMBDA_EXECUTION", "sourceVersion": "1.0" } }, { "customLogSource": { "attributes": { "crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/E1WG1ZNPRXT0D4", "databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/E1WG1ZNPRXT0D4", "tableArn": "arn:aws:glue:eu-west-2:123456789012:table/E1WG1ZNPRXT0D4" }, "provider": { "location": "DOC-EXAMPLE-BUCKET--usw2-az1--x-s3", "roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-E1WG1ZNPRXT0D4" }, "sourceName": "testCustom2" } } ], "subscriberArn": "arn:aws:securitylake:eu-west-2:123456789012:subscriber/E1WG1ZNPRXT0D4", "subscriberEndpoint": "arn:aws:sqs:eu-west-2:123456789012:AmazonSecurityLake-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111-Main-Queue", "subscriberId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "subscriberIdentity": { "externalId": "ext123456789012", "principal": "123456789012" }, "subscriberName": "Test", "subscriberStatus": "ACTIVE", "updatedAt": "2024-06-04T15:02:35.617000+00:00" } ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的订阅用户管理。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 ListSubscribers
。
-
以下代码示例演示了如何使用 list-tags-for-resource。
- AWS CLI
-
列出现有资源的标签
以下
list-tags-for-resource示例列出指定 Amazon Security Lake 订阅用户的标签。在此示例中,“Owner”标签键没有关联的标签值。您也可以使用此操作列出其他现有 Security Lake 资源的标签。aws securitylake list-tags-for-resource \ --resource-arn"arn:aws:securitylake:us-east-1:123456789012:subscriber/1234abcd-12ab-34cd-56ef-1234567890ab"输出:
{ "tags": [ { "key": "Environment", "value": "Cloud" }, { "key": "CostCenter", "value": "12345" }, { "key": "Owner", "value": "" } ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的标记 Amazon Security Lake 资源。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 ListTagsForResource
。
-
以下代码示例演示了如何使用 register-data-lake-delegated-administrator。
- AWS CLI
-
指定委托的管理员
以下
register-data-lake-delegated-administrator示例会将指定 AWS 账户指定为委托的 Amazon Security Lake 管理员。aws securitylake register-data-lake-delegated-administrator \ --account-id123456789012此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》中的使用 AWS Organizations 管理多个账户。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 RegisterDataLakeDelegatedAdministrator
。
-
以下代码示例演示了如何使用 tag-resource。
- AWS CLI
-
向现有资源添加标签
以下
tag-resource示例向现有订阅用户资源添加标签。要创建新资源并为其添加一个或多个标签,请不要使用此操作。相反,请针对要创建的资源类型使用相应的“Create”操作。aws securitylake tag-resource \ --resource-arn"arn:aws:securitylake:us-east-1:123456789012:subscriber/1234abcd-12ab-34cd-56ef-1234567890ab"\ --tagskey=Environment,value=Cloud此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》中的标记 Amazon Security Lake 资源。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 TagResource
。
-
以下代码示例演示了如何使用 untag-resource。
- AWS CLI
-
从现有资源中移除标签
以下
untag-resource示例从现有订阅用户资源中移除指定标签。aws securitylake untag-resource \ --resource-arn"arn:aws:securitylake:us-east-1:123456789012:subscriber/1234abcd-12ab-34cd-56ef-1234567890ab"\ --tagsEnvironmentOwner此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》中的标记 Amazon Security Lake 资源。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 UntagResource
。
-
以下代码示例演示了如何使用 update-data-lake-exception-subscription。
- AWS CLI
-
更新 Security Lake 异常的通知订阅
以下
update-data-lake-exception-subscription示例更新通知用户 Security Lake 异常的通知订阅。aws securitylake update-data-lake-exception-subscription \ --notification-endpoint"123456789012"\ --exception-time-to-live30\ --subscription-protocol"email"此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》中的 Amazon Security Lake 故障排除。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 UpdateDataLakeExceptionSubscription
。
-
以下代码示例演示了如何使用 update-data-lake。
- AWS CLI
-
示例 1:更新您的数据湖设置
以下
update-data-lake示例更新您的 Amazon Security Lake 数据湖的设置。您可以使用此操作来指定数据加密、存储和汇总区域设置。aws securitylake update-data-lake \ --configurations '[{"encryptionConfiguration": {"kmsKeyId":"S3_MANAGED_KEY"},"region":"us-east-1","lifecycleConfiguration": {"expiration":{"days":365},"transitions":[{"days":60,"storageClass":"ONEZONE_IA"}]}}, {"encryptionConfiguration": {"kmsKeyId":"S3_MANAGED_KEY"},"region":"us-east-2","lifecycleConfiguration": {"expiration":{"days":365},"transitions":[{"days":60,"storageClass":"ONEZONE_IA"}]}}]' \ --meta-store-manager-role-arn"arn:aws:iam:us-east-1:123456789012:role/service-role/AmazonSecurityLakeMetaStoreManager"输出:
{ "dataLakes": [ { "createStatus": "COMPLETED", "dataLakeArn": "arn:aws:securitylake:us-east-1:522481757177:data-lake/default", "encryptionConfiguration": { "kmsKeyId": "S3_MANAGED_KEY" }, "lifecycleConfiguration": { "expiration": { "days": 365 }, "transitions": [ { "days": 60, "storageClass": "ONEZONE_IA" } ] }, "region": "us-east-1", "replicationConfiguration": { "regions": [ "ap-northeast-3" ], "roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default" }, "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-1-gnevt6s8z7bzby8oi3uiaysbr8v2ml", "updateStatus": { "exception": {}, "requestId": "f20a6450-d24a-4f87-a6be-1d4c075a59c2", "status": "INITIALIZED" } }, { "createStatus": "COMPLETED", "dataLakeArn": "arn:aws:securitylake:us-east-2:522481757177:data-lake/default", "encryptionConfiguration": { "kmsKeyId": "S3_MANAGED_KEY" }, "lifecycleConfiguration": { "expiration": { "days": 365 }, "transitions": [ { "days": 60, "storageClass": "ONEZONE_IA" } ] }, "region": "us-east-2", "replicationConfiguration": { "regions": [ "ap-northeast-3" ], "roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default" }, "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-2-cehuifzl5rwmhm6m62h7zhvtseogr9", "updateStatus": { "exception": {}, "requestId": "f20a6450-d24a-4f87-a6be-1d4c075a59c2", "status": "INITIALIZED" } } ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的 Amazon Security Lake 入门。
示例 2:在单个区域配置数据湖
以下
create-data-lake示例在单个 AWS 区域启用 Amazon Security Lake 并配置您的数据湖。aws securitylake create-data-lake \ --configurations '[{"encryptionConfiguration": {"kmsKeyId":"1234abcd-12ab-34cd-56ef-1234567890ab"},"region":"us-east-2","lifecycleConfiguration": {"expiration":{"days":500},"transitions":[{"days":30,"storageClass":"GLACIER"}]}}]' \ --meta-store-manager-role-arn"arn:aws:iam:us-east-1:123456789012:role/service-role/AmazonSecurityLakeMetaStoreManager"输出:
{ "dataLakes": [ { "createStatus": "COMPLETED", "dataLakeArn": "arn:aws:securitylake:us-east-2:522481757177:data-lake/default", "encryptionConfiguration": { "kmsKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "lifecycleConfiguration": { "expiration": { "days": 500 }, "transitions": [ { "days": 30, "storageClass": "GLACIER" } ] }, "region": "us-east-2", "replicationConfiguration": { "regions": [ "ap-northeast-3" ], "roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default" }, "s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-2-cehuifzl5rwmhm6m62h7zhvtseogr9", "updateStatus": { "exception": {}, "requestId": "77702a53-dcbf-493e-b8ef-518e362f3003", "status": "INITIALIZED" } } ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的 Amazon Security Lake 入门。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 UpdateDataLake
。
-
以下代码示例演示了如何使用 update-subscriber-notification。
- AWS CLI
-
更新订阅用户通知
以下
update-subscriber-notification示例说明如何更新订阅用户的通知。aws securitylake update-subscriber-notification \ --subscriber-id"12345ab8-1a34-1c34-1bd4-12345ab9012"\ --configuration '{"httpsNotificationConfiguration": {"targetRoleArn":"arn:aws:iam::XXX:role/service-role/RoleName", "endpoint":"https://account-management.$3.$2.securitylake.aws.dev/v1/datalake"}}'输出:
{ "subscriberEndpoint": [ "https://account-management.$3.$2.securitylake.aws.dev/v1/datalake" ] }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的订阅用户管理。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 UpdateSubscriberNotification
。
-
以下代码示例演示了如何使用 update-subscriber。
- AWS CLI
-
更新 Amazon Security Lake 订阅用户
以下
update-subscriber示例更新特定 Security Lake 订阅用户的安全湖数据访问源。aws securitylake update-subscriber \ --subscriber-ida1b2c3d4-5678-90ab-cdef-EXAMPLE11111输出:
{ "subscriber": { "accessTypes": [ "LAKEFORMATION" ], "createdAt": "2024-04-19T15:19:44.421803+00:00", "resourceShareArn": "arn:aws:ram:eu-west-2:123456789012:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "resourceShareName": "LakeFormation-V3-TKJGBHCKTZ-123456789012", "sources": [ { "awsLogSource": { "sourceName": "LAMBDA_EXECUTION", "sourceVersion": "1.0" } }, { "awsLogSource": { "sourceName": "EKS_AUDIT", "sourceVersion": "2.0" } }, { "awsLogSource": { "sourceName": "ROUTE53", "sourceVersion": "1.0" } }, { "awsLogSource": { "sourceName": "SH_FINDINGS", "sourceVersion": "1.0" } }, { "awsLogSource": { "sourceName": "VPC_FLOW", "sourceVersion": "1.0" } }, { "customLogSource": { "attributes": { "crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/E1WG1ZNPRXT0D4", "databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/E1WG1ZNPRXT0D4", "tableArn": "arn:aws:glue:eu-west-2:123456789012:table/E1WG1ZNPRXT0D4" }, "provider": { "location": "DOC-EXAMPLE-BUCKET--usw2-az1--x-s3", "roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-E1WG1ZNPRXT0D4" }, "sourceName": "testCustom2" } } ], "subscriberArn": "arn:aws:securitylake:eu-west-2:123456789012:subscriber/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "subscriberId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "subscriberIdentity": { "externalId": "123456789012", "principal": "123456789012" }, "subscriberName": "test", "subscriberStatus": "ACTIVE", "updatedAt": "2024-07-18T20:47:37.098000+00:00" } }有关更多信息,请参阅《Amazon Security Lake 用户指南》中的订阅用户管理。
-
有关 API 详细信息,请参阅《AWS CLI 命令参考》中的 UpdateSubscriber
。
-
