Amazon Security Lake · Arazzo Workflow

Amazon Security Lake Provision Subscriber

Version 1.0.0

Create a subscriber, confirm its identity and status, and verify it is listed.

1 workflow · 1 source API · 1 provider

Tags: Data Lake, Security, SIEM, Threat Detection, Arazzo, Workflows

Provider

amazon-security-lake

Workflows

provision-subscriber
Create a subscriber and verify it is provisioned and listed.
Creates a subscriber with its identity and source access, reads it back to confirm status, branches on active versus pending, and lists subscribers to confirm registration.
3 steps
Inputs: accessTypes, sources, subscriberDescription, subscriberIdentity, subscriberName
Outputs: subscriberArn, subscriberId, subscriberStatus, subscribers

1. createSubscriber (CreateSubscriber): Create the subscriber for the enabled account with the supplied identity, sources, and access types.
2. getSubscriber (GetSubscriber): Read the subscriber back by ID to confirm its provisioned status and capture its ARN and resource share details.
3. listSubscribers (ListSubscribers): List the subscribers for the account to confirm the new subscriber is registered.

Source API Descriptions

Arazzo Workflow Specification

amazon-security-lake-provision-subscriber-workflow.yml
arazzo: 1.0.1
info:
  title: Amazon Security Lake Provision Subscriber
  summary: Create a subscriber, confirm its identity and status, and verify it is listed.
  description: >-
    Provisions a data subscriber (such as a SIEM or analytics consumer) for an
    enabled Amazon Security Lake account and verifies it is ready. The workflow
    creates the subscriber with its identity, sources, and access types, reads
    the subscriber back to confirm its provisioned status, branches on whether
    the subscriber is active or still pending, and lists subscribers to confirm
    it is registered for the account. Every step spells out its request inline
    so the flow can be read and executed without opening the underlying OpenAPI
    description.
  version: 1.0.0
sourceDescriptions:
- name: securityLakeApi
  url: ../openapi/amazon-security-lake-openapi.yml
  type: openapi
workflows:
- workflowId: provision-subscriber
  summary: Create a subscriber and verify it is provisioned and listed.
  description: >-
    Creates a subscriber with its identity and source access, reads it back to
    confirm status, branches on active versus pending, and lists subscribers to
    confirm registration.
  inputs:
    type: object
    required:
    - subscriberName
    - subscriberIdentity
    - sources
    properties:
      subscriberName:
        type: string
        description: The name of the subscriber to create.
      subscriberDescription:
        type: string
        description: A description of the subscriber.
      subscriberIdentity:
        type: object
        description: The identity (external ID and principal) of the subscriber.
        properties:
          externalId:
            type: string
          principal:
            type: string
      sources:
        type: array
        description: The AWS log sources and log types to subscribe to.
        items:
          type: object
      accessTypes:
        type: array
        description: The access types granted to the subscriber (LAKEFORMATION, S3).
        items:
          type: string
  steps:
  - stepId: createSubscriber
    description: >-
      Create the subscriber for the enabled account with the supplied identity,
      sources, and access types.
    operationId: CreateSubscriber
    requestBody:
      contentType: application/json
      payload:
        subscriberName: $inputs.subscriberName
        subscriberDescription: $inputs.subscriberDescription
        subscriberIdentity: $inputs.subscriberIdentity
        sources: $inputs.sources
        accessTypes: $inputs.accessTypes
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      subscriberId: $response.body#/subscriberId
      subscriberArn: $response.body#/subscriberArn
      subscriberStatus: $response.body#/subscriberStatus
  - stepId: getSubscriber
    description: >-
      Read the subscriber back by ID to confirm its provisioned status and
      capture its ARN and resource share details.
    operationId: GetSubscriber
    parameters:
    - name: subscriberId
      in: path
      value: $steps.createSubscriber.outputs.subscriberId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      subscriberId: $response.body#/subscriberId
      subscriberStatus: $response.body#/subscriberStatus
    onSuccess:
    - name: subscriberActive
      type: goto
      stepId: listSubscribers
      criteria:
      - context: $response.body
        condition: $.subscriberStatus == "ACTIVE"
        type: jsonpath
    - name: subscriberPending
      type: goto
      stepId: listSubscribers
      criteria:
      - context: $response.body
        condition: $.subscriberStatus == "PENDING"
        type: jsonpath
  - stepId: listSubscribers
    description: >-
      List the subscribers for the account to confirm the new subscriber is
      registered.
    operationId: ListSubscribers
    parameters:
    - name: maxResults
      in: query
      value: 50
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      subscribers: $response.body#/subscribers
      nextToken: $response.body#/nextToken
  outputs:
    subscriberId: $steps.createSubscriber.outputs.subscriberId
    subscriberArn: $steps.createSubscriber.outputs.subscriberArn
    subscriberStatus: $steps.getSubscriber.outputs.subscriberStatus
    subscribers: $steps.listSubscribers.outputs.subscribers
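To make the chaining concrete, here is an added example (not part of the Arazzo file, the Arazzo project, or any AWS tooling) that executes the workflow above: it resolves the runtime expressions the file uses ($inputs.x, $steps.x.outputs.y, $response.body#/field), stops when a step's successCriteria ($statusCode == 200) is not met, evaluates the two jsonpath criteria on subscriberStatus, and returns the workflow-level outputs. The FakeSecurityLake class, its ids, ARN, region and account number are a constructed stand-in for the three operations; a real run would go through the OpenAPI description referenced in sourceDescriptions.

```python
import re
# Added example, not AWS or Arazzo project code; the API below is a constructed stand-in.
STEPS = [  # (stepId, operationId, request values, output fields, onSuccess goto criteria)
    ("createSubscriber", "CreateSubscriber",
     {k: f"$inputs.{k}" for k in ("subscriberName", "subscriberDescription",
                                  "subscriberIdentity", "sources", "accessTypes")},
     ("subscriberId", "subscriberArn", "subscriberStatus"), []),
    ("getSubscriber", "GetSubscriber", {"subscriberId": "$steps.createSubscriber.outputs.subscriberId"},
     ("subscriberId", "subscriberStatus"), [("subscriberActive", "ACTIVE", "listSubscribers"),
                                            ("subscriberPending", "PENDING", "listSubscribers")]),
    ("listSubscribers", "ListSubscribers", {"maxResults": 50}, ("subscribers", "nextToken"), []),
]

def resolve(expr, ctx):  # $inputs.<x> and $steps.<step>.outputs.<y>; anything else is a literal
    if isinstance(expr, str) and expr.startswith("$inputs."):
        return ctx["inputs"].get(expr[len("$inputs."):])
    m = isinstance(expr, str) and re.fullmatch(r"\$steps\.(\w+)\.outputs\.(\w+)", expr)
    return ctx["steps"][m[1]][m[2]] if m else expr

def run_workflow(api, inputs):
    ctx, i = {"inputs": inputs, "steps": {}, "branches": []}, 0
    index = {s[0]: n for n, s in enumerate(STEPS)}
    while i < len(STEPS):
        step_id, op, args, outs, on_success = STEPS[i]
        status, resp = getattr(api, op)({k: resolve(v, ctx) for k, v in args.items()})
        if status != 200:                          # successCriteria ($statusCode == 200) not met
            raise RuntimeError(f"{step_id}: HTTP {status} {resp}")
        ctx["steps"][step_id] = {k: resp.get(k) for k in outs}   # $response.body#/<k>
        i += 1                                     # no criterion matched: this runner takes the next step
        for name, wanted, target in on_success:    # jsonpath criterion $.subscriberStatus == "<wanted>"
            if resp.get("subscriberStatus") == wanted:
                ctx["branches"].append(name); i = index[target]; break
    s = ctx["steps"]                               # the workflow-level outputs, as in the file
    return {**{k: s["createSubscriber"][k] for k in ("subscriberId", "subscriberArn")},
            "subscriberStatus": s["getSubscriber"]["subscriberStatus"],
            "subscribers": s["listSubscribers"]["subscribers"], "branches": ctx["branches"]}
class FakeSecurityLake:
    """Constructed stand-in for the API; ids, ARN region and account number are made up."""
    def __init__(self, initial_status="PENDING"):
        self.db, self.initial_status = {}, initial_status
    def CreateSubscriber(self, a):
        sid = f"sub-{len(self.db) + 1:03d}"
        self.db[sid] = {**a, "subscriberId": sid, "subscriberStatus": self.initial_status,
                        "subscriberArn": f"arn:aws:securitylake:us-east-1:123456789012:subscriber/{sid}"}
        return 200, self.db[sid]
    def GetSubscriber(self, a):
        rec = self.db.get(a["subscriberId"])
        return (200, rec) if rec else (404, {"message": "ResourceNotFoundException"})
    def ListSubscribers(self, a):
        return 200, {"subscribers": list(self.db.values())[:a["maxResults"]], "nextToken": None}
```

A status other than ACTIVE or PENDING matches neither criterion, so the returned "branches" list stays empty; that is the case a caller should treat as "not yet confirmed" rather than as a registered subscriber.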