Architecture details
This section describes the components and AWS services that make up this solution and the architecture details on how these components work together.
AWS services in this solution
The solution uses the following services. Core services are required to use the solution, and supporting services connect the core services.
Note
This solution does not deploy Security Lake. You must already have Security Lake set up to use this solution. See Prerequisites for more information.
AWS service | Description |
---|---|
Amazon Athena |
Core. The solution uses Amazon Athena to run queries against the data in your Security Lake. |
AWS CloudFormation |
Core. The solution uses AWS CloudFormation to deploy the infrastructure needed to set up the resources in the solution. |
AWS Lake Formation |
Core. The solution creates Lake Formation resource links to run Athena queries and retrieve insights from Lake Formation data. |
AWS Lambda |
Core. The solution provisions six Lambda functions for tasks like creating and updating datasets, setting up Lake Formation permissions, and creating user groups. |
Amazon QuickSight |
Core. The solution uses QuickSight to create analysis and a dashboard to show insights for data in your Security Lake. The solution also uses Amazon Q in QuickSight so that you can ask questions about your data. |
Amazon S3 |
Core. The solution uses Amazon S3 to store query results for Athena. |
Amazon SNS |
Core. The solution uses Amazon SNS to send notifications for errors occurring when running Athena queries. |
AWS Systems Manager |
Core. The solution creates Systems Manager parameters to enable or disable data sources for analysis. |
Amazon CloudWatch |
Supporting. The solution uses CloudWatch Logs to store information about Lambda runs. |
Amazon EventBridge |
Supporting. The solution uses an EventBridge rule to filter error events during Athena query runs and send the event to the SNS topic. |
AWS Glue |
Supporting. The solution uses AWS Glue to set up placeholder data tables needed for the solution deployment. These tables store placeholder data for QuickSight analysis for the initial deployment. |