Docs Home
lacework 2.0.6 published on Monday, Apr 14, 2025 by lacework
lacework.AlertChannelAwsS3
Explore with Pulumi AI
S3 data export allows you to export data collected from your Lacework account and send it to an S3 bucket of your choice. You can extend Lacework processed/normalized data to report/visualize alone or combine with other business/security data to get insights and make meaningful business decisions.
!> Warning: This feature is currently in beta.
Every hour, Lacework collects data from your Lacework account and sends it to an internal Lacework S3 bucket as a staging location. The data remains in the internal Lacework S3 bucket until its hourly scheduled export to your designated S3 bucket.
For detailed information about the data exported by Lacework, see Lacework Data Share.
Note: Before proceeding, ensure that the bucket that will receive the data from Lacework already exists in AWS.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as lacework from "@pulumi/lacework";
const dataExport = new lacework.AlertChannelAwsS3("dataExport", {
bucketArn: "arn:aws:s3:::bucket_name/key_name",
credentials: {
externalId: "12345",
roleArn: "arn:aws:iam::1234567890:role/lacework_iam_example_role",
},
});
import pulumi
import pulumi_lacework as lacework
data_export = lacework.AlertChannelAwsS3("dataExport",
bucket_arn="arn:aws:s3:::bucket_name/key_name",
credentials={
"external_id": "12345",
"role_arn": "arn:aws:iam::1234567890:role/lacework_iam_example_role",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/lacework/v2/lacework"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lacework.NewAlertChannelAwsS3(ctx, "dataExport", &lacework.AlertChannelAwsS3Args{
BucketArn: pulumi.String("arn:aws:s3:::bucket_name/key_name"),
Credentials: &lacework.AlertChannelAwsS3CredentialsArgs{
ExternalId: pulumi.String("12345"),
RoleArn: pulumi.String("arn:aws:iam::1234567890:role/lacework_iam_example_role"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Lacework = Pulumi.Lacework;
return await Deployment.RunAsync(() =>
{
var dataExport = new Lacework.AlertChannelAwsS3("dataExport", new()
{
BucketArn = "arn:aws:s3:::bucket_name/key_name",
Credentials = new Lacework.Inputs.AlertChannelAwsS3CredentialsArgs
{
ExternalId = "12345",
RoleArn = "arn:aws:iam::1234567890:role/lacework_iam_example_role",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.lacework.AlertChannelAwsS3;
import com.pulumi.lacework.AlertChannelAwsS3Args;
import com.pulumi.lacework.inputs.AlertChannelAwsS3CredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var dataExport = new AlertChannelAwsS3("dataExport", AlertChannelAwsS3Args.builder()
.bucketArn("arn:aws:s3:::bucket_name/key_name")
.credentials(AlertChannelAwsS3CredentialsArgs.builder()
.externalId("12345")
.roleArn("arn:aws:iam::1234567890:role/lacework_iam_example_role")
.build())
.build());
}
}
resources:
dataExport:
type: lacework:AlertChannelAwsS3
properties:
bucketArn: arn:aws:s3:::bucket_name/key_name
credentials:
externalId: '12345'
roleArn: arn:aws:iam::1234567890:role/lacework_iam_example_role
Create AlertChannelAwsS3 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AlertChannelAwsS3(name: string, args: AlertChannelAwsS3Args, opts?: CustomResourceOptions);@overload
def AlertChannelAwsS3(resource_name: str,
args: AlertChannelAwsS3Args,
opts: Optional[ResourceOptions] = None)
@overload
def AlertChannelAwsS3(resource_name: str,
opts: Optional[ResourceOptions] = None,
bucket_arn: Optional[str] = None,
credentials: Optional[AlertChannelAwsS3CredentialsArgs] = None,
alert_channel_aws_s3_id: Optional[str] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
test_integration: Optional[bool] = None)func NewAlertChannelAwsS3(ctx *Context, name string, args AlertChannelAwsS3Args, opts ...ResourceOption) (*AlertChannelAwsS3, error)public AlertChannelAwsS3(string name, AlertChannelAwsS3Args args, CustomResourceOptions? opts = null)
public AlertChannelAwsS3(String name, AlertChannelAwsS3Args args)
public AlertChannelAwsS3(String name, AlertChannelAwsS3Args args, CustomResourceOptions options)
type: lacework:AlertChannelAwsS3
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AlertChannelAwsS3Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AlertChannelAwsS3Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AlertChannelAwsS3Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AlertChannelAwsS3Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AlertChannelAwsS3Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var alertChannelAwsS3Resource = new Lacework.AlertChannelAwsS3("alertChannelAwsS3Resource", new()
{
BucketArn = "string",
Credentials = new Lacework.Inputs.AlertChannelAwsS3CredentialsArgs
{
ExternalId = "string",
RoleArn = "string",
},
AlertChannelAwsS3Id = "string",
Enabled = false,
Name = "string",
TestIntegration = false,
});
example, err := lacework.NewAlertChannelAwsS3(ctx, "alertChannelAwsS3Resource", &lacework.AlertChannelAwsS3Args{
BucketArn: pulumi.String("string"),
Credentials: &lacework.AlertChannelAwsS3CredentialsArgs{
ExternalId: pulumi.String("string"),
RoleArn: pulumi.String("string"),
},
AlertChannelAwsS3Id: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Name: pulumi.String("string"),
TestIntegration: pulumi.Bool(false),
})
var alertChannelAwsS3Resource = new AlertChannelAwsS3("alertChannelAwsS3Resource", AlertChannelAwsS3Args.builder()
.bucketArn("string")
.credentials(AlertChannelAwsS3CredentialsArgs.builder()
.externalId("string")
.roleArn("string")
.build())
.alertChannelAwsS3Id("string")
.enabled(false)
.name("string")
.testIntegration(false)
.build());
alert_channel_aws_s3_resource = lacework.AlertChannelAwsS3("alertChannelAwsS3Resource",
bucket_arn="string",
credentials={
"external_id": "string",
"role_arn": "string",
},
alert_channel_aws_s3_id="string",
enabled=False,
name="string",
test_integration=False)
const alertChannelAwsS3Resource = new lacework.AlertChannelAwsS3("alertChannelAwsS3Resource", {
bucketArn: "string",
credentials: {
externalId: "string",
roleArn: "string",
},
alertChannelAwsS3Id: "string",
enabled: false,
name: "string",
testIntegration: false,
});
type: lacework:AlertChannelAwsS3
properties:
alertChannelAwsS3Id: string
bucketArn: string
credentials:
externalId: string
roleArn: string
enabled: false
name: string
testIntegration: false
AlertChannelAwsS3 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AlertChannelAwsS3 resource accepts the following input properties:
- Bucket
Arn string - The ARN of the S3 bucket.
- Credentials
Alert
Channel Aws S3Credentials - The credentials needed by the integration. See Credentials below for details.
- Alert
Channel stringAws S3Id - Enabled bool
- The state of the external integration. Defaults to
true. - Name string
- The Alert Channel integration name.
- Test
Integration bool - Whether to test the integration of an alert channel upon creation and modification
- Bucket
Arn string - The ARN of the S3 bucket.
- Credentials
Alert
Channel Aws S3Credentials Args - The credentials needed by the integration. See Credentials below for details.
- Alert
Channel stringAws S3Id - Enabled bool
- The state of the external integration. Defaults to
true. - Name string
- The Alert Channel integration name.
- Test
Integration bool - Whether to test the integration of an alert channel upon creation and modification
- bucket
Arn String - The ARN of the S3 bucket.
- credentials
Alert
Channel Aws S3Credentials - The credentials needed by the integration. See Credentials below for details.
- alert
Channel StringAws S3Id - enabled Boolean
- The state of the external integration. Defaults to
true. - name String
- The Alert Channel integration name.
- test
Integration Boolean - Whether to test the integration of an alert channel upon creation and modification
- bucket
Arn string - The ARN of the S3 bucket.
- credentials
Alert
Channel Aws S3Credentials - The credentials needed by the integration. See Credentials below for details.
- alert
Channel stringAws S3Id - enabled boolean
- The state of the external integration. Defaults to
true. - name string
- The Alert Channel integration name.
- test
Integration boolean - Whether to test the integration of an alert channel upon creation and modification
- bucket_
arn str - The ARN of the S3 bucket.
- credentials
Alert
Channel Aws S3Credentials Args - The credentials needed by the integration. See Credentials below for details.
- alert_
channel_ straws_ s3_ id - enabled bool
- The state of the external integration. Defaults to
true. - name str
- The Alert Channel integration name.
- test_
integration bool - Whether to test the integration of an alert channel upon creation and modification
- bucket
Arn String - The ARN of the S3 bucket.
- credentials Property Map
- The credentials needed by the integration. See Credentials below for details.
- alert
Channel StringAws S3Id - enabled Boolean
- The state of the external integration. Defaults to
true. - name String
- The Alert Channel integration name.
- test
Integration Boolean - Whether to test the integration of an alert channel upon creation and modification
Outputs
All input properties are implicitly available as output properties. Additionally, the AlertChannelAwsS3 resource produces the following output properties:
- Created
Or stringUpdated By - Created
Or stringUpdated Time - Id string
- The provider-assigned unique ID for this managed resource.
- Intg
Guid string - Org
Level bool - Type
Name string
- Created
Or stringUpdated By - Created
Or stringUpdated Time - Id string
- The provider-assigned unique ID for this managed resource.
- Intg
Guid string - Org
Level bool - Type
Name string
- created
Or StringUpdated By - created
Or StringUpdated Time - id String
- The provider-assigned unique ID for this managed resource.
- intg
Guid String - org
Level Boolean - type
Name String
- created
Or stringUpdated By - created
Or stringUpdated Time - id string
- The provider-assigned unique ID for this managed resource.
- intg
Guid string - org
Level boolean - type
Name string
- created_
or_ strupdated_ by - created_
or_ strupdated_ time - id str
- The provider-assigned unique ID for this managed resource.
- intg_
guid str - org_
level bool - type_
name str
- created
Or StringUpdated By - created
Or StringUpdated Time - id String
- The provider-assigned unique ID for this managed resource.
- intg
Guid String - org
Level Boolean - type
Name String
Look up Existing AlertChannelAwsS3 Resource
Get an existing AlertChannelAwsS3 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AlertChannelAwsS3State, opts?: CustomResourceOptions): AlertChannelAwsS3@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alert_channel_aws_s3_id: Optional[str] = None,
bucket_arn: Optional[str] = None,
created_or_updated_by: Optional[str] = None,
created_or_updated_time: Optional[str] = None,
credentials: Optional[AlertChannelAwsS3CredentialsArgs] = None,
enabled: Optional[bool] = None,
intg_guid: Optional[str] = None,
name: Optional[str] = None,
org_level: Optional[bool] = None,
test_integration: Optional[bool] = None,
type_name: Optional[str] = None) -> AlertChannelAwsS3func GetAlertChannelAwsS3(ctx *Context, name string, id IDInput, state *AlertChannelAwsS3State, opts ...ResourceOption) (*AlertChannelAwsS3, error)public static AlertChannelAwsS3 Get(string name, Input<string> id, AlertChannelAwsS3State? state, CustomResourceOptions? opts = null)public static AlertChannelAwsS3 get(String name, Output<String> id, AlertChannelAwsS3State state, CustomResourceOptions options)resources: _: type: lacework:AlertChannelAwsS3 get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alert
Channel stringAws S3Id - Bucket
Arn string - The ARN of the S3 bucket.
- Created
Or stringUpdated By - Created
Or stringUpdated Time - Credentials
Alert
Channel Aws S3Credentials - The credentials needed by the integration. See Credentials below for details.
- Enabled bool
- The state of the external integration. Defaults to
true. - Intg
Guid string - Name string
- The Alert Channel integration name.
- Org
Level bool - Test
Integration bool - Whether to test the integration of an alert channel upon creation and modification
- Type
Name string
- Alert
Channel stringAws S3Id - Bucket
Arn string - The ARN of the S3 bucket.
- Created
Or stringUpdated By - Created
Or stringUpdated Time - Credentials
Alert
Channel Aws S3Credentials Args - The credentials needed by the integration. See Credentials below for details.
- Enabled bool
- The state of the external integration. Defaults to
true. - Intg
Guid string - Name string
- The Alert Channel integration name.
- Org
Level bool - Test
Integration bool - Whether to test the integration of an alert channel upon creation and modification
- Type
Name string
- alert
Channel StringAws S3Id - bucket
Arn String - The ARN of the S3 bucket.
- created
Or StringUpdated By - created
Or StringUpdated Time - credentials
Alert
Channel Aws S3Credentials - The credentials needed by the integration. See Credentials below for details.
- enabled Boolean
- The state of the external integration. Defaults to
true. - intg
Guid String - name String
- The Alert Channel integration name.
- org
Level Boolean - test
Integration Boolean - Whether to test the integration of an alert channel upon creation and modification
- type
Name String
- alert
Channel stringAws S3Id - bucket
Arn string - The ARN of the S3 bucket.
- created
Or stringUpdated By - created
Or stringUpdated Time - credentials
Alert
Channel Aws S3Credentials - The credentials needed by the integration. See Credentials below for details.
- enabled boolean
- The state of the external integration. Defaults to
true. - intg
Guid string - name string
- The Alert Channel integration name.
- org
Level boolean - test
Integration boolean - Whether to test the integration of an alert channel upon creation and modification
- type
Name string
- alert_
channel_ straws_ s3_ id - bucket_
arn str - The ARN of the S3 bucket.
- created_
or_ strupdated_ by - created_
or_ strupdated_ time - credentials
Alert
Channel Aws S3Credentials Args - The credentials needed by the integration. See Credentials below for details.
- enabled bool
- The state of the external integration. Defaults to
true. - intg_
guid str - name str
- The Alert Channel integration name.
- org_
level bool - test_
integration bool - Whether to test the integration of an alert channel upon creation and modification
- type_
name str
- alert
Channel StringAws S3Id - bucket
Arn String - The ARN of the S3 bucket.
- created
Or StringUpdated By - created
Or StringUpdated Time - credentials Property Map
- The credentials needed by the integration. See Credentials below for details.
- enabled Boolean
- The state of the external integration. Defaults to
true. - intg
Guid String - name String
- The Alert Channel integration name.
- org
Level Boolean - test
Integration Boolean - Whether to test the integration of an alert channel upon creation and modification
- type
Name String
Supporting Types
AlertChannelAwsS3Credentials, AlertChannelAwsS3CredentialsArgs
- External
Id string - The external ID for the IAM role.
- Role
Arn string - The ARN of the IAM role.
- External
Id string - The external ID for the IAM role.
- Role
Arn string - The ARN of the IAM role.
- external
Id String - The external ID for the IAM role.
- role
Arn String - The ARN of the IAM role.
- external
Id string - The external ID for the IAM role.
- role
Arn string - The ARN of the IAM role.
- external_
id str - The external ID for the IAM role.
- role_
arn str - The ARN of the IAM role.
- external
Id String - The external ID for the IAM role.
- role
Arn String - The ARN of the IAM role.
Import
A Lacework Amazon S3 Alert Channel integration can be imported using a INT_GUID, e.g.
$ pulumi import lacework:index/alertChannelAwsS3:AlertChannelAwsS3 data_export EXAMPLE_1234BAE1E42182964D23973F44CFEA3C4AB63B99E9A1EC5
-> Note: To retrieve the INT_GUID from existing integrations in your account, use the
Lacework CLI command lacework alert-channel list. To install this tool follow
this documentation.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- lacework lacework/terraform-provider-lacework
- License
- Notes
- This Pulumi package is based on the
laceworkTerraform Provider.