Amazon Security Lake · Arazzo Workflow

Amazon Security Lake Provision Data Lake

Version 1.0.0

Create a Security Lake data lake, confirm it is listed, and inspect its collecting sources.

1 workflow · 1 source API · 1 provider
Tags: Data Lake, Security, SIEM, Threat Detection, Arazzo, Workflows

Provider

amazon-security-lake

Workflows

provision-data-lake
Create a data lake in a region and verify it is registered and collecting sources.
Creates a Security Lake data lake, lists data lakes to confirm registration and capture the ARN, branches on the reported status, and reads back the sources the lake is collecting.
3 steps · inputs: accounts, expirationDays, kmsKeyId, metaStoreManagerRoleArn, region · outputs: dataLakeArn, dataLakeSources, status
1. createDataLake (CreateDataLake)
   Create the data lake in the target region with the supplied encryption, lifecycle, and metadata store manager configuration.
2. listDataLakes (ListDataLakes)
   List the data lakes in the account and region to confirm the newly created lake is registered and to capture its current status.
3. getSources (GetDataLakeSources)
   Retrieve a snapshot of which sources the data lake is collecting security data from for the supplied accounts.

Source API Descriptions

Arazzo Workflow Specification

amazon-security-lake-provision-data-lake-workflow.yml
arazzo: 1.0.1
info:
  title: Amazon Security Lake Provision Data Lake
  summary: Create a Security Lake data lake, confirm it is listed, and inspect its collecting sources.
  description: >-
    Stands up a new Amazon Security Lake data lake in a target region and then
    verifies it is operational. The workflow creates the data lake with an
    encryption and lifecycle configuration, lists the account's data lakes to
    confirm the new lake is registered and capture its ARN and status, branches
    on whether the lake reports a terminal status, and finally retrieves a
    snapshot of the sources the lake is collecting data from. Every step spells
    out its request inline so the flow can be read and executed without opening
    the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: securityLakeApi
  url: ../openapi/amazon-security-lake-openapi.yml
  type: openapi
workflows:
- workflowId: provision-data-lake
  summary: Create a data lake in a region and verify it is registered and collecting sources.
  description: >-
    Creates a Security Lake data lake, lists data lakes to confirm registration
    and capture the ARN, branches on the reported status, and reads back the
    sources the lake is collecting.
  inputs:
    type: object
    required:
    - region
    - metaStoreManagerRoleArn
    properties:
      region:
        type: string
        description: The AWS region in which to configure the data lake (e.g. us-east-1).
      metaStoreManagerRoleArn:
        type: string
        description: The ARN of the IAM role for the metadata store manager.
      kmsKeyId:
        type: string
        description: The KMS key ID used to encrypt data at rest in the data lake.
      expirationDays:
        type: integer
        description: Number of days after which collected data expires.
      accounts:
        type: array
        description: AWS account IDs to retrieve collecting sources for.
        items:
          type: string
  steps:
  - stepId: createDataLake
    description: >-
      Create the data lake in the target region with the supplied encryption,
      lifecycle, and metadata store manager configuration.
    operationId: CreateDataLake
    requestBody:
      contentType: application/json
      payload:
        configurations:
        - region: $inputs.region
          encryptionConfiguration:
            kmsKeyId: $inputs.kmsKeyId
          lifecycleConfiguration:
            expiration:
              days: $inputs.expirationDays
        metaStoreManagerRoleArn: $inputs.metaStoreManagerRoleArn
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      dataLakeArn: $response.body#/dataLakes/0/dataLakeArn
      status: $response.body#/dataLakes/0/status
  - stepId: listDataLakes
    description: >-
      List the data lakes in the account and region to confirm the newly
      created lake is registered and to capture its current status.
    operationId: ListDataLakes
    parameters:
    - name: regions
      in: query
      value: $inputs.region
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      dataLakeArn: $response.body#/dataLakes/0/dataLakeArn
      status: $response.body#/dataLakes/0/status
    onSuccess:
    - name: lakeReady
      type: goto
      stepId: getSources
      criteria:
      - context: $response.body
        condition: $.dataLakes[0].status == "COMPLETED"
        type: jsonpath
    - name: lakeInitializing
      type: goto
      stepId: getSources
      criteria:
      - context: $response.body
        condition: $.dataLakes[0].status == "INITIALIZED"
        type: jsonpath
  - stepId: getSources
    description: >-
      Retrieve a snapshot of which sources the data lake is collecting security
      data from for the supplied accounts.
    operationId: GetDataLakeSources
    requestBody:
      contentType: application/json
      payload:
        accounts: $inputs.accounts
        maxResults: 25
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      dataLakeSources: $response.body#/dataLakeSources
      nextToken: $response.body#/nextToken
  outputs:
    dataLakeArn: $steps.listDataLakes.outputs.dataLakeArn
    status: $steps.listDataLakes.outputs.status
    dataLakeSources: $steps.getSources.outputs.dataLakeSources
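The listDataLakes step above declares two onSuccess actions, but both of them route to getSources, and Arazzo falls through to the next step in document order when no action's criteria match. In practice every reported status, including PENDING and FAILED, ends up calling GetDataLakeSources. The following added example (not code from the workflow page or from AWS) is a small offline executor that resolves the page's `$response.body#/...` output expressions with RFC 6901 JSON Pointer lookups, evaluates the jsonpath-style criteria as the string equality they express, and reports which step each status routes to. The responses, account ID and ARN are constructed placeholders, and the `GATED_ON_SUCCESS` variant that ends the workflow on FAILED is an assumption about how one could tighten the flow, not something the page defines.

```python
"""Offline executor for the provision-data-lake workflow's data flow (added
example; responses are constructed, not captured from Security Lake)."""
import re

# Constructed responses shaped the way the workflow's pointers expect.
# The account ID and ARN are placeholders, not real resources.
LAKE = {"dataLakeArn": "arn:aws:securitylake:us-east-1:123456789012:data-lake/default",
        "region": "us-east-1", "status": "INITIALIZED"}
CREATE_RESPONSE = {"dataLakes": [LAKE]}
SOURCES_RESPONSE = {"dataLakeSources": [{"account": "123456789012",
                                         "sourceName": "ROUTE53", "sourceStatuses": []}],
                    "nextToken": None}

# The onSuccess actions as the page's listDataLakes step declares them.
LIST_ON_SUCCESS = [
    {"name": "lakeReady", "type": "goto", "stepId": "getSources",
     "criteria": [{"condition": '$.dataLakes[0].status == "COMPLETED"'}]},
    {"name": "lakeInitializing", "type": "goto", "stepId": "getSources",
     "criteria": [{"condition": '$.dataLakes[0].status == "INITIALIZED"'}]},
]
STEP_ORDER = ["createDataLake", "listDataLakes", "getSources"]


def resolve_pointer(doc, pointer):
    """RFC 6901 JSON Pointer lookup; returns None when any segment is missing."""
    node = doc
    for token in (pointer.split("/")[1:] if pointer else []):
        token = token.replace("~1", "/").replace("~0", "~")
        if isinstance(node, list):
            if not token.isdigit() or int(token) >= len(node):
                return None
            node = node[int(token)]
        elif isinstance(node, dict) and token in node:
            node = node[token]
        else:
            return None
    return node


OUTPUT_RE = re.compile(r"^\$response\.body#(/.*)?$")


def resolve_output(expr, body):
    """Resolve an Arazzo output expression of the form $response.body#/ptr."""
    m = OUTPUT_RE.match(expr)
    if not m:
        raise ValueError(f"unsupported runtime expression: {expr}")
    return resolve_pointer(body, m.group(1) or "")


CRITERION_RE = re.compile(r'^\$((?:\.\w+|\[\d+\])*)\s*==\s*"([^"]*)"$')


def criterion_matches(condition, body):
    """Evaluate a criterion of the page's shape ($.a[0].b == "X") against body."""
    m = CRITERION_RE.match(condition)
    if not m:
        raise ValueError(f"unsupported criterion: {condition}")
    path, expected = m.groups()
    pointer = re.sub(r"\[(\d+)\]", r"/\1", path)      # [0]  -> /0
    pointer = re.sub(r"\.(\w+)", r"/\1", pointer)     # .key -> /key
    return resolve_pointer(body, pointer) == expected


def next_step(current, body, actions):
    """Arazzo routing: the first action whose criteria all hold wins, an 'end'
    action stops the workflow, and with no match we fall through in order."""
    for action in actions:
        if all(criterion_matches(c["condition"], body) for c in action["criteria"]):
            return action["stepId"] if action["type"] == "goto" else None
    idx = STEP_ORDER.index(current)
    return STEP_ORDER[idx + 1] if idx + 1 < len(STEP_ORDER) else None


def route_after_list(status, actions=LIST_ON_SUCCESS):
    """Which step runs after listDataLakes when the lake reports `status`."""
    body = {"dataLakes": [dict(LAKE, status=status)]}
    return next_step("listDataLakes", body, actions)


# Hypothetical stricter variant (assumption, not on the page): end on FAILED.
GATED_ON_SUCCESS = LIST_ON_SUCCESS + [
    {"name": "lakeFailed", "type": "end",
     "criteria": [{"condition": '$.dataLakes[0].status == "FAILED"'}]},
]


def run_workflow(list_status="COMPLETED"):
    """Drive the steps over the constructed responses and collect the
    workflow-level outputs the page declares."""
    list_body = {"dataLakes": [dict(LAKE, status=list_status)]}
    outputs = {
        "dataLakeArn": resolve_output("$response.body#/dataLakes/0/dataLakeArn", list_body),
        "status": resolve_output("$response.body#/dataLakes/0/status", list_body),
    }
    if next_step("listDataLakes", list_body, LIST_ON_SUCCESS) == "getSources":
        outputs["dataLakeSources"] = resolve_output("$response.body#/dataLakeSources",
                                                    SOURCES_RESPONSE)
    return outputs


if __name__ == "__main__":
    for s in ("COMPLETED", "INITIALIZED", "PENDING", "FAILED"):
        print(f"{s:12} -> {route_after_list(s)} (gated: {route_after_list(s, GATED_ON_SUCCESS)})")
    print(run_workflow())
```

Running it shows the same `getSources` destination for all four statuses under the page's actions, while the gated variant returns `None` (workflow ended) for FAILED and still falls through for PENDING, which a real deployment would normally poll rather than proceed on. Two further checks worth keeping in mind: a lake that is still INITIALIZED or PENDING may legitimately report no collecting sources yet, so an empty `dataLakeSources` is not by itself a failure; and the public AWS API reference names the creation state `createStatus`, so if the referenced OpenAPI description or the live response uses that field rather than `status`, the page's pointers resolve to nothing, which this executor surfaces as a `None` output and a fall-through route instead of an exception.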