Docs Home
lacework 2.0.6 published on Monday, Apr 14, 2025 by lacework
lacework.IntegrationAwsEksAuditLog
Explore with Pulumi AI
Use this resource to configure an AWS EKS Audit Log integration to analyze EKS audit logs.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as lacework from "@pulumi/lacework";
const accountAbc = new lacework.IntegrationAwsEksAuditLog("accountAbc", {
credentials: {
externalId: "12345",
roleArn: "arn:aws:iam::1234567890:role/lacework_iam_example_role",
},
s3BucketArn: "arn:aws:s3:::example-bucket-name",
snsArn: "arn:aws:sns:us-west-2:123456789:foo-lacework-eks:00777777-ab77-1234-a123-a12ab1d12c1d",
});
import pulumi
import pulumi_lacework as lacework
account_abc = lacework.IntegrationAwsEksAuditLog("accountAbc",
credentials={
"external_id": "12345",
"role_arn": "arn:aws:iam::1234567890:role/lacework_iam_example_role",
},
s3_bucket_arn="arn:aws:s3:::example-bucket-name",
sns_arn="arn:aws:sns:us-west-2:123456789:foo-lacework-eks:00777777-ab77-1234-a123-a12ab1d12c1d")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/lacework/v2/lacework"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lacework.NewIntegrationAwsEksAuditLog(ctx, "accountAbc", &lacework.IntegrationAwsEksAuditLogArgs{
Credentials: &lacework.IntegrationAwsEksAuditLogCredentialsArgs{
ExternalId: pulumi.String("12345"),
RoleArn: pulumi.String("arn:aws:iam::1234567890:role/lacework_iam_example_role"),
},
S3BucketArn: pulumi.String("arn:aws:s3:::example-bucket-name"),
SnsArn: pulumi.String("arn:aws:sns:us-west-2:123456789:foo-lacework-eks:00777777-ab77-1234-a123-a12ab1d12c1d"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Lacework = Pulumi.Lacework;
return await Deployment.RunAsync(() =>
{
var accountAbc = new Lacework.IntegrationAwsEksAuditLog("accountAbc", new()
{
Credentials = new Lacework.Inputs.IntegrationAwsEksAuditLogCredentialsArgs
{
ExternalId = "12345",
RoleArn = "arn:aws:iam::1234567890:role/lacework_iam_example_role",
},
S3BucketArn = "arn:aws:s3:::example-bucket-name",
SnsArn = "arn:aws:sns:us-west-2:123456789:foo-lacework-eks:00777777-ab77-1234-a123-a12ab1d12c1d",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.lacework.IntegrationAwsEksAuditLog;
import com.pulumi.lacework.IntegrationAwsEksAuditLogArgs;
import com.pulumi.lacework.inputs.IntegrationAwsEksAuditLogCredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var accountAbc = new IntegrationAwsEksAuditLog("accountAbc", IntegrationAwsEksAuditLogArgs.builder()
.credentials(IntegrationAwsEksAuditLogCredentialsArgs.builder()
.externalId("12345")
.roleArn("arn:aws:iam::1234567890:role/lacework_iam_example_role")
.build())
.s3BucketArn("arn:aws:s3:::example-bucket-name")
.snsArn("arn:aws:sns:us-west-2:123456789:foo-lacework-eks:00777777-ab77-1234-a123-a12ab1d12c1d")
.build());
}
}
resources:
accountAbc:
type: lacework:IntegrationAwsEksAuditLog
properties:
credentials:
externalId: '12345'
roleArn: arn:aws:iam::1234567890:role/lacework_iam_example_role
s3BucketArn: arn:aws:s3:::example-bucket-name
snsArn: arn:aws:sns:us-west-2:123456789:foo-lacework-eks:00777777-ab77-1234-a123-a12ab1d12c1d
Create IntegrationAwsEksAuditLog Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IntegrationAwsEksAuditLog(name: string, args: IntegrationAwsEksAuditLogArgs, opts?: CustomResourceOptions);@overload
def IntegrationAwsEksAuditLog(resource_name: str,
args: IntegrationAwsEksAuditLogArgs,
opts: Optional[ResourceOptions] = None)
@overload
def IntegrationAwsEksAuditLog(resource_name: str,
opts: Optional[ResourceOptions] = None,
credentials: Optional[IntegrationAwsEksAuditLogCredentialsArgs] = None,
sns_arn: Optional[str] = None,
enabled: Optional[bool] = None,
integration_aws_eks_audit_log_id: Optional[str] = None,
name: Optional[str] = None,
retries: Optional[float] = None,
s3_bucket_arn: Optional[str] = None)func NewIntegrationAwsEksAuditLog(ctx *Context, name string, args IntegrationAwsEksAuditLogArgs, opts ...ResourceOption) (*IntegrationAwsEksAuditLog, error)public IntegrationAwsEksAuditLog(string name, IntegrationAwsEksAuditLogArgs args, CustomResourceOptions? opts = null)
public IntegrationAwsEksAuditLog(String name, IntegrationAwsEksAuditLogArgs args)
public IntegrationAwsEksAuditLog(String name, IntegrationAwsEksAuditLogArgs args, CustomResourceOptions options)
type: lacework:IntegrationAwsEksAuditLog
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IntegrationAwsEksAuditLogArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IntegrationAwsEksAuditLogArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IntegrationAwsEksAuditLogArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IntegrationAwsEksAuditLogArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IntegrationAwsEksAuditLogArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var integrationAwsEksAuditLogResource = new Lacework.IntegrationAwsEksAuditLog("integrationAwsEksAuditLogResource", new()
{
Credentials = new Lacework.Inputs.IntegrationAwsEksAuditLogCredentialsArgs
{
ExternalId = "string",
RoleArn = "string",
},
SnsArn = "string",
Enabled = false,
IntegrationAwsEksAuditLogId = "string",
Name = "string",
Retries = 0,
S3BucketArn = "string",
});
example, err := lacework.NewIntegrationAwsEksAuditLog(ctx, "integrationAwsEksAuditLogResource", &lacework.IntegrationAwsEksAuditLogArgs{
Credentials: &lacework.IntegrationAwsEksAuditLogCredentialsArgs{
ExternalId: pulumi.String("string"),
RoleArn: pulumi.String("string"),
},
SnsArn: pulumi.String("string"),
Enabled: pulumi.Bool(false),
IntegrationAwsEksAuditLogId: pulumi.String("string"),
Name: pulumi.String("string"),
Retries: pulumi.Float64(0),
S3BucketArn: pulumi.String("string"),
})
var integrationAwsEksAuditLogResource = new IntegrationAwsEksAuditLog("integrationAwsEksAuditLogResource", IntegrationAwsEksAuditLogArgs.builder()
.credentials(IntegrationAwsEksAuditLogCredentialsArgs.builder()
.externalId("string")
.roleArn("string")
.build())
.snsArn("string")
.enabled(false)
.integrationAwsEksAuditLogId("string")
.name("string")
.retries(0)
.s3BucketArn("string")
.build());
integration_aws_eks_audit_log_resource = lacework.IntegrationAwsEksAuditLog("integrationAwsEksAuditLogResource",
credentials={
"external_id": "string",
"role_arn": "string",
},
sns_arn="string",
enabled=False,
integration_aws_eks_audit_log_id="string",
name="string",
retries=0,
s3_bucket_arn="string")
const integrationAwsEksAuditLogResource = new lacework.IntegrationAwsEksAuditLog("integrationAwsEksAuditLogResource", {
credentials: {
externalId: "string",
roleArn: "string",
},
snsArn: "string",
enabled: false,
integrationAwsEksAuditLogId: "string",
name: "string",
retries: 0,
s3BucketArn: "string",
});
type: lacework:IntegrationAwsEksAuditLog
properties:
credentials:
externalId: string
roleArn: string
enabled: false
integrationAwsEksAuditLogId: string
name: string
retries: 0
s3BucketArn: string
snsArn: string
IntegrationAwsEksAuditLog Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IntegrationAwsEksAuditLog resource accepts the following input properties:
- Credentials
Integration
Aws Eks Audit Log Credentials - The credentials needed by the integration. See Credentials below for details.
- Sns
Arn string - The SNS topic ARN to share with Lacework.
- Enabled bool
- The state of the external integration. Defaults to
true. - Integration
Aws stringEks Audit Log Id - Name string
- The AWS CloudTrail integration name.
- Retries double
- The number of attempts to create the cloud account integration. Defaults to
5. - S3Bucket
Arn string - The S3 Bucket ARN to share with Lacework.
- Credentials
Integration
Aws Eks Audit Log Credentials Args - The credentials needed by the integration. See Credentials below for details.
- Sns
Arn string - The SNS topic ARN to share with Lacework.
- Enabled bool
- The state of the external integration. Defaults to
true. - Integration
Aws stringEks Audit Log Id - Name string
- The AWS CloudTrail integration name.
- Retries float64
- The number of attempts to create the cloud account integration. Defaults to
5. - S3Bucket
Arn string - The S3 Bucket ARN to share with Lacework.
- credentials
Integration
Aws Eks Audit Log Credentials - The credentials needed by the integration. See Credentials below for details.
- sns
Arn String - The SNS topic ARN to share with Lacework.
- enabled Boolean
- The state of the external integration. Defaults to
true. - integration
Aws StringEks Audit Log Id - name String
- The AWS CloudTrail integration name.
- retries Double
- The number of attempts to create the cloud account integration. Defaults to
5. - s3Bucket
Arn String - The S3 Bucket ARN to share with Lacework.
- credentials
Integration
Aws Eks Audit Log Credentials - The credentials needed by the integration. See Credentials below for details.
- sns
Arn string - The SNS topic ARN to share with Lacework.
- enabled boolean
- The state of the external integration. Defaults to
true. - integration
Aws stringEks Audit Log Id - name string
- The AWS CloudTrail integration name.
- retries number
- The number of attempts to create the cloud account integration. Defaults to
5. - s3Bucket
Arn string - The S3 Bucket ARN to share with Lacework.
- credentials
Integration
Aws Eks Audit Log Credentials Args - The credentials needed by the integration. See Credentials below for details.
- sns_
arn str - The SNS topic ARN to share with Lacework.
- enabled bool
- The state of the external integration. Defaults to
true. - integration_
aws_ streks_ audit_ log_ id - name str
- The AWS CloudTrail integration name.
- retries float
- The number of attempts to create the cloud account integration. Defaults to
5. - s3_
bucket_ strarn - The S3 Bucket ARN to share with Lacework.
- credentials Property Map
- The credentials needed by the integration. See Credentials below for details.
- sns
Arn String - The SNS topic ARN to share with Lacework.
- enabled Boolean
- The state of the external integration. Defaults to
true. - integration
Aws StringEks Audit Log Id - name String
- The AWS CloudTrail integration name.
- retries Number
- The number of attempts to create the cloud account integration. Defaults to
5. - s3Bucket
Arn String - The S3 Bucket ARN to share with Lacework.
Outputs
All input properties are implicitly available as output properties. Additionally, the IntegrationAwsEksAuditLog resource produces the following output properties:
- Created
Or stringUpdated By - Created
Or stringUpdated Time - Id string
- The provider-assigned unique ID for this managed resource.
- Intg
Guid string - Is
Org bool - Type
Name string
- Created
Or stringUpdated By - Created
Or stringUpdated Time - Id string
- The provider-assigned unique ID for this managed resource.
- Intg
Guid string - Is
Org bool - Type
Name string
- created
Or StringUpdated By - created
Or StringUpdated Time - id String
- The provider-assigned unique ID for this managed resource.
- intg
Guid String - is
Org Boolean - type
Name String
- created
Or stringUpdated By - created
Or stringUpdated Time - id string
- The provider-assigned unique ID for this managed resource.
- intg
Guid string - is
Org boolean - type
Name string
- created_
or_ strupdated_ by - created_
or_ strupdated_ time - id str
- The provider-assigned unique ID for this managed resource.
- intg_
guid str - is_
org bool - type_
name str
- created
Or StringUpdated By - created
Or StringUpdated Time - id String
- The provider-assigned unique ID for this managed resource.
- intg
Guid String - is
Org Boolean - type
Name String
Look up Existing IntegrationAwsEksAuditLog Resource
Get an existing IntegrationAwsEksAuditLog resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IntegrationAwsEksAuditLogState, opts?: CustomResourceOptions): IntegrationAwsEksAuditLog@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
created_or_updated_by: Optional[str] = None,
created_or_updated_time: Optional[str] = None,
credentials: Optional[IntegrationAwsEksAuditLogCredentialsArgs] = None,
enabled: Optional[bool] = None,
integration_aws_eks_audit_log_id: Optional[str] = None,
intg_guid: Optional[str] = None,
is_org: Optional[bool] = None,
name: Optional[str] = None,
retries: Optional[float] = None,
s3_bucket_arn: Optional[str] = None,
sns_arn: Optional[str] = None,
type_name: Optional[str] = None) -> IntegrationAwsEksAuditLogfunc GetIntegrationAwsEksAuditLog(ctx *Context, name string, id IDInput, state *IntegrationAwsEksAuditLogState, opts ...ResourceOption) (*IntegrationAwsEksAuditLog, error)public static IntegrationAwsEksAuditLog Get(string name, Input<string> id, IntegrationAwsEksAuditLogState? state, CustomResourceOptions? opts = null)public static IntegrationAwsEksAuditLog get(String name, Output<String> id, IntegrationAwsEksAuditLogState state, CustomResourceOptions options)resources: _: type: lacework:IntegrationAwsEksAuditLog get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Created
Or stringUpdated By - Created
Or stringUpdated Time - Credentials
Integration
Aws Eks Audit Log Credentials - The credentials needed by the integration. See Credentials below for details.
- Enabled bool
- The state of the external integration. Defaults to
true. - Integration
Aws stringEks Audit Log Id - Intg
Guid string - Is
Org bool - Name string
- The AWS CloudTrail integration name.
- Retries double
- The number of attempts to create the cloud account integration. Defaults to
5. - S3Bucket
Arn string - The S3 Bucket ARN to share with Lacework.
- Sns
Arn string - The SNS topic ARN to share with Lacework.
- Type
Name string
- Created
Or stringUpdated By - Created
Or stringUpdated Time - Credentials
Integration
Aws Eks Audit Log Credentials Args - The credentials needed by the integration. See Credentials below for details.
- Enabled bool
- The state of the external integration. Defaults to
true. - Integration
Aws stringEks Audit Log Id - Intg
Guid string - Is
Org bool - Name string
- The AWS CloudTrail integration name.
- Retries float64
- The number of attempts to create the cloud account integration. Defaults to
5. - S3Bucket
Arn string - The S3 Bucket ARN to share with Lacework.
- Sns
Arn string - The SNS topic ARN to share with Lacework.
- Type
Name string
- created
Or StringUpdated By - created
Or StringUpdated Time - credentials
Integration
Aws Eks Audit Log Credentials - The credentials needed by the integration. See Credentials below for details.
- enabled Boolean
- The state of the external integration. Defaults to
true. - integration
Aws StringEks Audit Log Id - intg
Guid String - is
Org Boolean - name String
- The AWS CloudTrail integration name.
- retries Double
- The number of attempts to create the cloud account integration. Defaults to
5. - s3Bucket
Arn String - The S3 Bucket ARN to share with Lacework.
- sns
Arn String - The SNS topic ARN to share with Lacework.
- type
Name String
- created
Or stringUpdated By - created
Or stringUpdated Time - credentials
Integration
Aws Eks Audit Log Credentials - The credentials needed by the integration. See Credentials below for details.
- enabled boolean
- The state of the external integration. Defaults to
true. - integration
Aws stringEks Audit Log Id - intg
Guid string - is
Org boolean - name string
- The AWS CloudTrail integration name.
- retries number
- The number of attempts to create the cloud account integration. Defaults to
5. - s3Bucket
Arn string - The S3 Bucket ARN to share with Lacework.
- sns
Arn string - The SNS topic ARN to share with Lacework.
- type
Name string
- created_
or_ strupdated_ by - created_
or_ strupdated_ time - credentials
Integration
Aws Eks Audit Log Credentials Args - The credentials needed by the integration. See Credentials below for details.
- enabled bool
- The state of the external integration. Defaults to
true. - integration_
aws_ streks_ audit_ log_ id - intg_
guid str - is_
org bool - name str
- The AWS CloudTrail integration name.
- retries float
- The number of attempts to create the cloud account integration. Defaults to
5. - s3_
bucket_ strarn - The S3 Bucket ARN to share with Lacework.
- sns_
arn str - The SNS topic ARN to share with Lacework.
- type_
name str
- created
Or StringUpdated By - created
Or StringUpdated Time - credentials Property Map
- The credentials needed by the integration. See Credentials below for details.
- enabled Boolean
- The state of the external integration. Defaults to
true. - integration
Aws StringEks Audit Log Id - intg
Guid String - is
Org Boolean - name String
- The AWS CloudTrail integration name.
- retries Number
- The number of attempts to create the cloud account integration. Defaults to
5. - s3Bucket
Arn String - The S3 Bucket ARN to share with Lacework.
- sns
Arn String - The SNS topic ARN to share with Lacework.
- type
Name String
Supporting Types
IntegrationAwsEksAuditLogCredentials, IntegrationAwsEksAuditLogCredentialsArgs
- External
Id string - The external ID for the IAM role.
- Role
Arn string - The ARN of the IAM role.
- External
Id string - The external ID for the IAM role.
- Role
Arn string - The ARN of the IAM role.
- external
Id String - The external ID for the IAM role.
- role
Arn String - The ARN of the IAM role.
- external
Id string - The external ID for the IAM role.
- role
Arn string - The ARN of the IAM role.
- external_
id str - The external ID for the IAM role.
- role_
arn str - The ARN of the IAM role.
- external
Id String - The external ID for the IAM role.
- role
Arn String - The ARN of the IAM role.
Import
A Lacework AWS EKS Audit Log integration can be imported using a INT_GUID, e.g.
$ pulumi import lacework:index/integrationAwsEksAuditLog:IntegrationAwsEksAuditLog account_abc EXAMPLE_1234BAE1E42182964D23973F44CFEA3C4AB63B99E9A1EC5
-> Note: To retrieve the INT_GUID from existing integrations in your account, use the
Lacework CLI command lacework cloud-account list. To install this tool follow
this documentation.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- lacework lacework/terraform-provider-lacework
- License
- Notes
- This Pulumi package is based on the
laceworkTerraform Provider.