Architecture overview - Security Insights on AWS

Architecture overview

This section provides a reference implementation architecture diagram for the components deployed with this solution, as well as Well-Architected considerations.

Architecture diagram

Deploying this solution with the default parameters deploys the following components in your AWS account. The left side of the diagram shows the Security Lake account that you set up before deploying this solution. The right side of the diagram shows the solution deployed in a shared account with a QuickSight admin user.

The solution creates resources in your Amazon QuickSight account to visualize data from your Security Lake.

Figure: Security Insights on AWS architecture

Note

AWS CloudFormation resources are created from AWS CDK constructs.

The high-level process flow for the solution components deployed with the AWS CloudFormation template is as follows:

  1. Create permissions – The solution sets up the permissions needed to visualize the data from your Amazon Security Lake. As part of this setup, the solution:

    1. Adds the AWS Identity and Access Management (IAM) role for the CreateLakeFormationPermissions AWS Lambda function as one of the admins for the Security Lake.

    2. Grants Describe and Select permissions on the Security Lake database and AWS Lake Formation data tables to the following principals:

      • Service-linked role for QuickSight

      • QuickSight admin user provided in the input parameters to the solution's CloudFormation template

      • QuickSight user groups created by the solution

  2. Create datasets – The solution provisions QuickSight datasets that are required for the QuickSight widgets.

  3. Create refresh schedules – The solution provisions the QuickSight datasets with the refresh schedule provided as an input to the solution's CloudFormation template.

  4. Create Athena workgroup – The solution creates an Athena workgroup and runs all the SQL queries for the QuickSight datasets as part of this workgroup. As part of this setup, the solution:

    1. Creates an Amazon Simple Storage Service (Amazon S3) bucket to store Athena results.

    2. Creates a CloudWatch alarm for the Athena workgroup, with a threshold that you set when deploying the solution's CloudFormation template. If the workgroup exceeds the threshold, the alarm invokes an action that sends an Amazon SNS notification to the email address you provided.

  5. Manage QuickSight users – The solution provisions three QuickSight user groups with read, write, and admin permissions. You can use these groups to give different levels of access to the QuickSight analysis and dashboard.

  6. AWS Systems Manager parameters to configure QuickSight dashboards – After launching the solution, you must enable the data sources for which you want to see the QuickSight analysis and dashboard insights.
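The Lake Formation grants in step 1 and the Athena workgroup, results bucket and alarm in step 4, written out as an added CloudFormation fragment that is not the solution's own template. Parameter names, the workgroup name, the 10 GiB default and the choice of the AWS/Athena ProcessedBytes metric for the workgroup threshold are assumptions; the page only says "threshold".

```yaml
Parameters:
  SecurityLakeDatabase: { Type: String }    # Security Lake Glue database name
  QuickSightPrincipalArn: { Type: String }  # QuickSight role or user to grant
  AlarmTopicArn: { Type: String }           # SNS topic with an email subscription
  ScannedBytesThreshold: { Type: Number, Default: 10737418240 }  # assumed: 10 GiB per period
Resources:
  # Step 1b: DESCRIBE on the database plus DESCRIBE/SELECT on every table in it
  # (repeat the same two grants for the admin user and each solution user group).
  QuickSightDbGrant:
    Type: AWS::LakeFormation::Permissions
    Properties:
      DataLakePrincipal: { DataLakePrincipalIdentifier: !Ref QuickSightPrincipalArn }
      Resource: { DatabaseResource: { Name: !Ref SecurityLakeDatabase } }
      Permissions: [DESCRIBE]
  QuickSightTableGrant:
    Type: AWS::LakeFormation::Permissions
    Properties:
      DataLakePrincipal: { DataLakePrincipalIdentifier: !Ref QuickSightPrincipalArn }
      Resource:
        TableResource: { DatabaseName: !Ref SecurityLakeDatabase, TableWildcard: {} }
      Permissions: [DESCRIBE, SELECT]
  # Step 4a: private bucket for Athena query results (results contain log data).
  AthenaResultsBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true, IgnorePublicAcls: true, RestrictPublicBuckets: true }
  # Step 4: dedicated workgroup; enforcing its configuration pins the result location
  # and makes every dataset query report CloudWatch metrics under this name.
  InsightsWorkGroup:
    Type: AWS::Athena::WorkGroup
    Properties:
      Name: security-insights            # assumed name
      WorkGroupConfiguration:
        EnforceWorkGroupConfiguration: true
        PublishCloudWatchMetricsEnabled: true
        ResultConfiguration: { OutputLocation: !Sub "s3://${AthenaResultsBucket}/results/" }
  # Step 4b: alarm when successful queries in the workgroup scan more than the
  # threshold within a 5-minute window; the action publishes to the SNS topic.
  WorkGroupScanAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: AWS/Athena
      MetricName: ProcessedBytes         # assumed metric for the page's "threshold"
      Dimensions:
        - { Name: WorkGroup, Value: !Ref InsightsWorkGroup }
        - { Name: QueryState, Value: SUCCEEDED }
        - { Name: QueryType, Value: DML }
      Statistic: Sum
      Period: 300
      EvaluationPeriods: 1
      Threshold: !Ref ScannedBytesThreshold
      ComparisonOperator: GreaterThanThreshold
      AlarmActions: [!Ref AlarmTopicArn]
```

Because the workgroup enforces its configuration, a dataset query cannot override the output location, so the results bucket's public-access block is the only S3 location to audit.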