This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.
AWS::SecurityLake::Subscriber
Creates a subscriber for accounts that are already enabled in Amazon Security Lake. You can create a subscriber with access to data in the current AWS Region.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::SecurityLake::Subscriber", "Properties" : { "AccessTypes" :[ String, ... ], "DataLakeArn" :String, "Sources" :[ Source, ... ], "SubscriberDescription" :String, "SubscriberIdentity" :SubscriberIdentity, "SubscriberName" :String, "Tags" :[ Tag, ... ]} }
YAML
Type: AWS::SecurityLake::Subscriber Properties: AccessTypes:- StringDataLakeArn:StringSources:- SourceSubscriberDescription:StringSubscriberIdentity:SubscriberIdentitySubscriberName:StringTags:- Tag
Properties
- AccessTypes
- 
                    You can choose to notify subscribers of new objects with an Amazon Simple Queue Service (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by the subscriber. Subscribers can consume data by directly querying AWS Lake Formation tables in your Amazon S3 bucket through services like Amazon Athena. This subscription type is defined as LAKEFORMATION.Required: Yes Type: Array of String Allowed values: LAKEFORMATION | S3Minimum: 1Update requires: No interruption 
- DataLakeArn
- 
                    The Amazon Resource Name (ARN) used to create the data lake. Required: Yes Type: String Minimum: 1Maximum: 256Update requires: Replacement 
- Sources
- 
                    Amazon Security Lake supports log and event collection for natively supported AWS services. For more information, see the Amazon Security Lake User Guide. Required: Yes Type: Array of Source Update requires: No interruption 
- SubscriberDescription
- 
                    The subscriber descriptions for a subscriber account. The description for a subscriber includes subscriberName,accountID,externalID, andsubscriberId.Required: No Type: String Update requires: No interruption 
- SubscriberIdentity
- 
                    The AWS identity used to access your data. Required: Yes Type: SubscriberIdentity Update requires: No interruption 
- SubscriberName
- 
                    The name of your Amazon Security Lake subscriber account. Required: Yes Type: String Pattern: ^[\\\w\s\-_:/,.@=+]*$Minimum: 1Maximum: 64Update requires: No interruption 
- 
                    An array of objects, one for each tag to associate with the subscriber. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string. Required: No Type: Array of Tag Update requires: No interruption 
Return values
Ref
When you pass the logical ID of this resource to the intrinsic ref function, ref returns the Subscriber name.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
- 
                            The Amazon Resource Name (ARN) of the Amazon Security Lake subscriber. 
- 
                            The ARN name of the Amazon Security Lake subscriber. 
- S3BucketArn
- 
                            The Amazon Resource Name (ARN) of the S3 bucket. 
- SubscriberArn
- 
                            The Amazon Resource Name (ARN) of the Security Lake subscriber. 
- SubscriberRoleArn
- 
                            The Amazon Resource Name (ARN) of the role used to create the Security Lake subscriber.