Architecture details - Security Insights on AWS

Architecture details

This section describes the components and AWS services that make up this solution and the architecture details on how these components work together.

AWS services in this solution

The solution uses the following services. Core services are required to use the solution, and supporting services connect the core services.

Note

This solution does not deploy Security Lake. You must already have Security Lake set up to use this solution. See Prerequisites for more information.

AWS service Description
Amazon Athena Core. The solution uses Amazon Athena to run queries against the data in your Security Lake.
AWS CloudFormation Core. The solution uses AWS CloudFormation to deploy the infrastructure needed to set up the resources in the solution.
AWS Lake Formation Core. The solution creates Lake Formation resource links to run Athena queries and retrieve insights from Lake Formation data.
AWS Lambda Core. The solution provisions six Lambda functions for tasks like creating and updating datasets, setting up Lake Formation permissions, and creating user groups.
Amazon QuickSight Core. The solution uses QuickSight to create analysis and a dashboard to show insights for data in your Security Lake. The solution also uses Amazon Q in QuickSight so that you can ask questions about your data.
Amazon S3 Core. The solution uses Amazon S3 to store query results for Athena.
Amazon SNS Core. The solution uses Amazon SNS to send notifications for errors occurring when running Athena queries.
AWS Systems Manager Core. The solution creates Systems Manager parameters to enable or disable data sources for analysis.
Amazon CloudWatch Supporting. The solution uses CloudWatch Logs to store information about Lambda runs.
Amazon EventBridge Supporting. The solution uses an EventBridge rule to filter error events during Athena query runs and send the event to the SNS topic.
AWS Glue Supporting. The solution uses AWS Glue to set up placeholder data tables needed for the solution deployment. These tables store placeholder data for QuickSight analysis for the initial deployment.