Table: aws_securitylake_data_lake - Query AWS Lake Formation Data Lakes using SQL
AWS Lake Formation is a service that makes it easy to set up, secure, and manage your data lakes. It simplifies data ingestion, cataloging, transformation, and security. With Lake Formation, you can query your data using SQL, making it accessible for analysis and decision-making.
Table Usage Guide
The aws_securitylake_data_lake table in Steampipe provides you with information about Data Lakes within AWS Lake Formation. As a DevOps engineer, you can use it to query Data Lake-specific details, including the Data Lake name, creation time, last modified time, and more. The schema below lists the attributes available for each Data Lake.
Examples
Basic info
Determine the areas in which your AWS Security Lake data is being replicated and stored. This allows you to assess the status and security measures applied to your data storage and replication processes.
select
  kms_key_id,
  replication_role_arn,
  s3_bucket_arn,
  status
from
  aws_securitylake_data_lake;
Get S3 bucket details of each data lake
Explore the security configurations of your data lakes by identifying the ones stored in public S3 buckets. This allows for a quick assessment of potential vulnerabilities and helps maintain proper data privacy standards.
select distinct
  b.name as bucket_name,
  l.s3_bucket_arn,
  b.creation_date,
  b.bucket_policy_is_public,
  b.versioning_enabled,
  b.block_public_acls
from
  aws_securitylake_data_lake as l,
  aws_s3_bucket as b
where
  l.s3_bucket_arn = b.arn;
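The query above returns every data lake bucket. The added example below (not part of the Steampipe documentation) narrows the result to buckets with at least one weak exposure or integrity setting and names each finding. It uses Postgres syntax and assumes the aws_s3_bucket columns block_public_policy, ignore_public_acls and restrict_public_buckets, which do not appear on this page.

```sql
-- Added example: report only Security Lake buckets with a weak setting.
-- Columns block_public_policy, ignore_public_acls and restrict_public_buckets
-- are assumed to exist in aws_s3_bucket; the rest are used on this page.
with checks as (
  select
    l.region,
    l.s3_bucket_arn,
    b.name as bucket_name,
    -- Each CASE yields a label when the check fails and NULL otherwise;
    -- array_remove() then drops the NULLs, leaving only the failures.
    array_remove(
      array[
        case when b.bucket_policy_is_public
          then 'bucket policy is public' end,
        case when not coalesce(b.block_public_acls, false)
          then 'block_public_acls is off' end,
        case when not coalesce(b.block_public_policy, false)
          then 'block_public_policy is off' end,
        case when not coalesce(b.ignore_public_acls, false)
          then 'ignore_public_acls is off' end,
        case when not coalesce(b.restrict_public_buckets, false)
          then 'restrict_public_buckets is off' end,
        case when not coalesce(b.versioning_enabled, false)
          then 'versioning is disabled' end
      ],
      null
    ) as findings
  from
    aws_securitylake_data_lake as l
    join aws_s3_bucket as b on l.s3_bucket_arn = b.arn
)
select
  region,
  bucket_name,
  s3_bucket_arn,
  findings
from
  checks
where
  cardinality(findings) > 0
order by
  bucket_name;
```

An empty result means every bucket that joined passed all six checks; a data lake whose bucket is not visible to the Steampipe connection does not join and is not reported.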
Get retention setting details of data lake
Determine the status of your data lake's security settings, including encryption, replication, and storage details. This is particularly useful for managing data retention and ensuring optimal storage class configurations.
Postgres:

select
  l.kms_key_id,
  l.replication_role_arn,
  l.s3_bucket_arn,
  l.status,
  r ->> 'RetentionPeriod' as retention_period,
  r ->> 'StorageClass' as storage_class
from
  aws_securitylake_data_lake as l,
  jsonb_array_elements(retention_settings) as r;

SQLite:

select
  l.kms_key_id,
  l.replication_role_arn,
  l.s3_bucket_arn,
  l.status,
  json_extract(r.value, '$.RetentionPeriod') as retention_period,
  json_extract(r.value, '$.StorageClass') as storage_class
from
  aws_securitylake_data_lake as l,
  json_each(l.retention_settings) as r;
List data lakes where the configuration operation is in a pending state
Determine the areas in which data lakes are yet to complete their configuration process. This is beneficial in identifying and resolving potential delays in the setup of your data lakes.
select
  kms_key_id,
  replication_role_arn,
  s3_bucket_arn,
  status
from
  aws_securitylake_data_lake
where
  status = 'PENDING';
Schema for aws_securitylake_data_lake
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) created by you to provide to the subscriber. |
create_status | text | | Retrieves the status of the configuration operation for an account in Amazon Security Lake. |
kms_key_id | text | | The id of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object. |
lifecycle_configuration | jsonb | | Provides lifecycle details of Amazon Security Lake object. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
region | text | | The AWS Region in which the resource is located. |
replication_configuration | jsonb | | Provides replication details of Amazon Security Lake object. |
replication_destination_regions | jsonb | | Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. |
replication_role_arn | text | | This parameter uses the IAM role created by you that is managed by Security Lake, to ensure the replication setting is correct. |
retention_settings | jsonb | | Retention settings for the destination Amazon S3 buckets. |
s3_bucket_arn | text | | Amazon Resource Names (ARNs) uniquely identify Amazon Web Services resources. |
source_name | text | | The supported Amazon Web Services from which logs and events are collected. Amazon Security Lake supports log and event collection for natively supported Amazon Web Services. |
source_statuses | jsonb | | The log status for the Security Lake account. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status | text | | Retrieves the status of the configuration operation for an account in Amazon Security Lake. |
update_status | jsonb | | The status of the last UpdateDataLake or DeleteDataLake API request. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_securitylake_data_lake