Package software.amazon.awscdk.services.securitylake

Class CfnDataLake

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.securitylake.CfnDataLake
All Implemented Interfaces:
IEnvironmentAware, IInspectable, ITaggableV2, IDataLakeRef, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.118.0 (build 02eec31)", date="2025-11-04T09:27:50.370Z") @Stability(Stable) public class CfnDataLake extends CfnResource implements IInspectable, IDataLakeRef, ITaggableV2
Initializes an Amazon Security Lake instance with the provided (or default) configuration.

You can enable Security Lake in AWS Regions with customized settings before enabling log collection in Regions. To specify particular Regions, configure these Regions using the configurations parameter. If you have already enabled Security Lake in a Region when you call this command, the command will update the Region if you provide new configuration parameters. If you have not already enabled Security Lake in the Region when you call this API, it will set up the data lake in the Region with the specified configurations.

When you enable Security Lake , it starts ingesting security data after the CreateAwsLogSource call. This includes ingesting security data from sources, storing data, and making data accessible to subscribers. Security Lake also enables all the existing settings and resources that it stores or maintains for your AWS account in the current Region, including security log and event data. For more information, see the Amazon Security Lake User Guide .

If you use this template to create multiple data lakes in different AWS Regions , and more than one of your data lakes include an AWS::SecurityLake::AwsLogSource resource, then you must deploy these data lakes sequentially. This is required because data lakes operate globally, and AwsLogSource resources must be deployed one at a time.

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.securitylake.*;
 CfnDataLake cfnDataLake = CfnDataLake.Builder.create(this, "MyCfnDataLake")
         .encryptionConfiguration(EncryptionConfigurationProperty.builder()
                 .kmsKeyId("kmsKeyId")
                 .build())
         .lifecycleConfiguration(LifecycleConfigurationProperty.builder()
                 .expiration(ExpirationProperty.builder()
                         .days(123)
                         .build())
                 .transitions(List.of(TransitionsProperty.builder()
                         .days(123)
                         .storageClass("storageClass")
                         .build()))
                 .build())
         .metaStoreManagerRoleArn("metaStoreManagerRoleArn")
         .replicationConfiguration(ReplicationConfigurationProperty.builder()
                 .regions(List.of("regions"))
                 .roleArn("roleArn")
                 .build())
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();

See Also:

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnDataLake

      protected CfnDataLake(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnDataLake

      protected CfnDataLake(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnDataLake

      @Stability(Stable) public CfnDataLake(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable CfnDataLakeProps props)
      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      props - Resource properties.

    • CfnDataLake

      @Stability(Stable) public CfnDataLake(@NotNull software.constructs.Construct scope, @NotNull String id)
      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.

  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrArn

      @Stability(Stable) @NotNull public String getAttrArn()
      The Amazon Resource Name (ARN) of the data lake.

    • getAttrS3BucketArn

      @Stability(Stable) @NotNull public String getAttrS3BucketArn()
      The Amazon Resource Name (ARN) of the Amazon S3 bucket.

    • getCdkTagManager

      @Stability(Stable) @NotNull public TagManager getCdkTagManager()
      Tag Manager which manages the tags for this resource.
      Specified by:
      getCdkTagManager in interface ITaggableV2

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getDataLakeRef

      @Stability(Stable) @NotNull public DataLakeReference getDataLakeRef()
      A reference to a DataLake resource.
      Specified by:
      getDataLakeRef in interface IDataLakeRef

    • getEncryptionConfiguration

      @Stability(Stable) @Nullable public Object getEncryptionConfiguration()
      Provides encryption details of the Amazon Security Lake object.

      Returns union: either IResolvable or CfnDataLake.EncryptionConfigurationProperty

    • setEncryptionConfiguration

      @Stability(Stable) public void setEncryptionConfiguration(@Nullable IResolvable value)
      Provides encryption details of the Amazon Security Lake object.

    • setEncryptionConfiguration

      @Stability(Stable) public void setEncryptionConfiguration(@Nullable CfnDataLake.EncryptionConfigurationProperty value)
      Provides encryption details of the Amazon Security Lake object.

    • getLifecycleConfiguration

      @Stability(Stable) @Nullable public Object getLifecycleConfiguration()
      You can customize Security Lake to store data in your preferred AWS Regions for your preferred amount of time.

      Returns union: either IResolvable or CfnDataLake.LifecycleConfigurationProperty

    • setLifecycleConfiguration

      @Stability(Stable) public void setLifecycleConfiguration(@Nullable IResolvable value)
      You can customize Security Lake to store data in your preferred AWS Regions for your preferred amount of time.

    • setLifecycleConfiguration

      @Stability(Stable) public void setLifecycleConfiguration(@Nullable CfnDataLake.LifecycleConfigurationProperty value)
      You can customize Security Lake to store data in your preferred AWS Regions for your preferred amount of time.

    • getMetaStoreManagerRoleArn

      @Stability(Stable) @Nullable public String getMetaStoreManagerRoleArn()
      The Amazon Resource Name (ARN) used to create and update the AWS Glue table.

    • setMetaStoreManagerRoleArn

      @Stability(Stable) public void setMetaStoreManagerRoleArn(@Nullable String value)
      The Amazon Resource Name (ARN) used to create and update the AWS Glue table.

    • getReplicationConfiguration

      @Stability(Stable) @Nullable public Object getReplicationConfiguration()
      Provides replication details of Amazon Security Lake object.

      Returns union: either IResolvable or CfnDataLake.ReplicationConfigurationProperty

    • setReplicationConfiguration

      @Stability(Stable) public void setReplicationConfiguration(@Nullable IResolvable value)
      Provides replication details of Amazon Security Lake object.

    • setReplicationConfiguration

      @Stability(Stable) public void setReplicationConfiguration(@Nullable CfnDataLake.ReplicationConfigurationProperty value)
      Provides replication details of Amazon Security Lake object.

    • getTags

      @Stability(Stable) @Nullable public List<CfnTag> getTags()
      An array of objects, one for each tag to associate with the data lake configuration.

    • setTags

      @Stability(Stable) public void setTags(@Nullable List<CfnTag> value)
      An array of objects, one for each tag to associate with the data lake configuration.