{ "AWSTemplateFormatVersion":"2010-09-09", "Description":"OpenSearch for Amazon Security Lake - Kickoff Stack. **Attention** This template creates AWS resources that will incur charges on your account.", "Parameters":{ "AssetsBucketName": { "Type": "String", "Description": "Name of the S3 bucket containing the assets" }, "IPAddressRange": { "Type": "String", "Description": "Enter the IP address range to allow access to the security group (e.g. 10.0.0.0/24). Leave as 0.0.0.0/0 for internet access", "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\/([1-2]?[0-9]|3[0-2])$", "ConstraintDescription": "The IP address range must be in the format x.x.x.x/x (e.g. 10.0.0.0/24)." }, "DataNodeInstanceType": { "Type": "String", "Default": "r6g.large.search", "Description": "The instance type for the data nodes" }, "MasterNodeInstanceType": { "Type": "String", "Default": "m6g.large.search", "Description": "The instance type for the master nodes" }, "EBSVolumeSize": { "Type": "Number", "Default": 100, "Description": "The size of the EBS volume in GiB" }, "SecLakeSubscriberSqsQueueURL":{ "Type":"String", "Description": "SecLake Subscriber SQS Queue URL set up in Log Archive Account" }, "SecurityLakeBucketName":{ "Type":"String", "Description": "Security Lake Subscriber S3 Bucket name from Log Archive Account." }, "SecLakeSubscriberSqsQueueArn": { "Type": "String", "Description": "ARN of the SQS queue from your Security Lake subscriber. It should look like this - arn:aws:sqs:ap-southeast-1:xxxxxxxx:AmazonSecurityLake-xxxxx-xxxx-xxxx-xxx-bd11d35431d9-Main-Queue" } }, "Resources":{ "cognito": { "Type" : "AWS::CloudFormation::Stack", "DependsOn": "network", "Properties" : { "TemplateURL" : { "Fn::Sub": "https://${AssetsBucketName}.s3.amazonaws.com/cloudformation/quickstart-cognito.json" }, "Parameters" : { "NetworkStackName" : {"Fn::GetAtt":["network","Outputs.StackName"]} } } }, "network": { "Type" : "AWS::CloudFormation::Stack", "Properties" : { "TemplateURL" : { "Fn::Sub": "https://${AssetsBucketName}.s3.amazonaws.com/cloudformation/quickstart-network.json" }, "Parameters" : { "EnvironmentTag" : {"Fn::Select":["4",{"Fn::Split":["-",{"Fn::Select":["2",{"Fn::Split":["/",{"Ref":"AWS::StackId"}]}]}]}]}, "CIDRPrefix" : "10.1" } } }, "ossearch" : { "Type" : "AWS::CloudFormation::Stack", "Properties" : { "TemplateURL" : { "Fn::Sub": "https://${AssetsBucketName}.s3.amazonaws.com/cloudformation/quickstart-domain.json" }, "Parameters" : { "MasterNodeInstanceType" : {"Ref": "MasterNodeInstanceType"}, "EBSVolumeSize": {"Ref": "EBSVolumeSize"}, "NetworkStackName" : { "Fn::GetAtt" : [ "network", "Outputs.StackName" ] }, "CognitoStackName" : { "Fn::GetAtt" : [ "cognito", "Outputs.StackName" ] }, "SearchDomainName" : {"Fn::Join":["",["securitylake-os-",{"Fn::Select":["4",{"Fn::Split":["-",{"Fn::Select":["2",{"Fn::Split":["/",{"Ref":"AWS::StackId"}]}]}]}]}]]}, "DataNodeInstanceType" : {"Ref": "DataNodeInstanceType"} } } }, "osproxy" : { "Type" : "AWS::CloudFormation::Stack", "Properties" : { "TemplateURL" :{ "Fn::Sub": "https://${AssetsBucketName}.s3.amazonaws.com/cloudformation/quickstart-dashboards-proxy.json" }, "Parameters" : { "NetworkStackName" : { "Fn::GetAtt" : [ "network", "Outputs.StackName" ] }, "SearchStackName" : { "Fn::GetAtt" : [ "ossearch", "Outputs.StackName" ] }, "CognitoStackName" : { "Fn::GetAtt" : [ "cognito", "Outputs.StackName" ] }, "IPAddressRange": {"Ref": "IPAddressRange"}, "LambdaFunctionObjectBucket": {"Ref": "AssetsBucketName"} } } }, "osipipeline" : { "DependsOn": "osproxy", "Type" : "AWS::CloudFormation::Stack", "Properties" : { "TemplateURL" : { "Fn::Sub": "https://${AssetsBucketName}.s3.amazonaws.com/cloudformation/quickstart-OSI-integrated.yaml" }, "Parameters" : { "NetworkStackName" : { "Fn::GetAtt" : [ "network", "Outputs.StackName" ] }, "SearchStackName" : { "Fn::GetAtt" : [ "ossearch", "Outputs.StackName" ] }, "SecurityLakeBucketName" : {"Ref": "SecurityLakeBucketName"}, "SecLakeSubscriberSqsQueueArn": {"Ref": "SecLakeSubscriberSqsQueueArn"}, "SecLakeSubscriberSqsQueueURL": {"Ref": "SecLakeSubscriberSqsQueueURL"}, "OpenSearchDomainEndpoint": {"Fn::Sub": "https://${ossearch.Outputs.SearchEndpoint}"}, "OpenSearchDomainArn" : {"Fn::GetAtt": [ "ossearch", "Outputs.SearchDomainARN" ] } } } } }, "Outputs":{ "NetworkStack":{ "Description":"NetworkStackName", "Value": { "Fn::GetAtt" : [ "network", "Outputs.StackName" ] }, "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-NetworkStackName" }} }, "OSSearchEndpoint":{ "Description":"SearchEndpoint", "Value": { "Fn::GetAtt" : [ "ossearch", "Outputs.SearchEndpoint" ] }, "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SearchEndpoint" }} }, "OSSearchDomainName":{ "Description":"Domain name for the search cluster.", "Value": { "Fn::GetAtt" : [ "ossearch", "Outputs.SearchDomainName" ] }, "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SearchDomainName" }} }, "DashboardsProxyURL":{ "Description":"Dashboards Proxy URL.", "Value": { "Fn::GetAtt" : [ "osproxy", "Outputs.DashboardsProxyURL" ] }, "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-DashboardsProxyURL" }} }, "DashboardsProxyRoleArn":{ "Description":"Dashboards proxy role ARN for FGAC role mapping.", "Value": { "Fn::GetAtt" : [ "osproxy", "Outputs.DashboardsProxyRoleArn" ] }, "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-DashboardsProxyRoleArn" }} }, "CognitoUser":{ "Description":"This is the cognito user.", "Value": { "Fn::GetAtt" : [ "cognito", "Outputs.CognitoUser" ] }, "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-CognitoUser" }} }, "OpenSearchInitRoleARN":{ "Description":"This is the role used by the Lambda function to initialize the OpenSearch cluster.", "Value": { "Fn::GetAtt" : [ "osproxy", "Outputs.OpenSearchInitRoleARN" ] }, "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-OSInitRoleARN" }} }, "PipelineRole":{ "Description":"This is the role used by the OpenSearch pipeline to send logs from Security Lake to OpenSearch.", "Value": { "Fn::GetAtt" : [ "osipipeline", "Outputs.IAMRoleArn" ] }, "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-IAMRoleArn" }} } } }