Step 1: Launch the stack - Security Insights on AWS

Step 1: Launch the stack

Follow the step-by-step instructions in this section to configure and deploy the solution into your account.

Time to deploy: Approximately five to ten minutes.

  1. Sign in to the AWS Management Console and select the button to launch the security-insights-on-aws.template AWS CloudFormation template.

    Launch solution button.

  2. The template launches in the US East (N. Virginia) Region by default. To launch the solution in a different AWS Region, use the Region selector in the console navigation bar.

    Note

    This solution requires the Security Lake service and the Amazon Q in QuickSight feature, which aren't currently available in all AWS Regions. For the most current availability by Region, see the AWS Regional Services List.

  3. On the Create stack page, verify that the correct template URL is in the Amazon S3 URL text box and choose Next.

  4. On the Specify stack details page, assign a name to your solution stack. For information about naming character limitations, see IAM and AWS STS quotas, name requirements, and character limits in the AWS Identity and Access Management User Guide.

  5. Under Parameters, review the parameters for this solution template and modify them as necessary. This solution uses the following default values.

    Parameter Default Description
    Account ID where Security Lake is created

    <Requires input>

    Account ID in which you created your Security Lake.

    Note

    You can't update this parameter after you deploy the solution. If you need to change it, see Problem: Change your account ID.

    ARN for QuickSight admin user

    <Requires input>

    QuickSight ARN for admin.

    To retrieve this ARN, you must have access to a shell or terminal with the AWS CLI installed. For installation instructions, refer to What Is the AWS Command Line Interface in the AWS CLI User Guide. Optionally, you can use the AWS CloudShell service to run AWS CLI commands.

    Running the following command returns the list of users with their corresponding QuickSight User ARNs.

    aws quicksight list-users --region <aws-region> --aws-account-id <account-id> --namespace <namespace-name>

    The <namespace-name> is default, unless explicitly created in Amazon QuickSight.

    Choose an Admin user, or a user who has permissions to create QuickSight resources in that account and AWS Region.

    Create QuickSight User Groups Yes Select Yes to create QuickSightUserGroups. If you use Identity Center to manage QuickSight Users, select No as the option for this deployment.
    Frequency for QuickSight Dataset refresh

    Weekly

    Dataset refresh frequency. The options are DAILY, WEEKLY, and MONTHLY.
    Day of the week for weekly refresh of QuickSight Dataset

    Monday

    The day of the week on which the dataset refreshes for a WEEKLY frequency. If the frequency is set to DAILY or MONTHLY, this parameter has no impact.
    Day of the month for monthly refresh of QuickSight Dataset

    1

    The day of the month on which the dataset refreshes for a MONTHLY frequency. If the frequency is set to DAILY or WEEKLY, this parameter has no impact.
    Log level for the Lambda functions

    Info

    Log level for Lambda function logs.
    Email ID to receive QuickSight Dataset refresh alerts

    <Requires input>

    Email address where you want to receive alerts for error notifications.
    Threshold value in GB for Alarm on Athena Workgroup

    100

    Threshold value for the alarm on the Athena workgroup. The default measurement is GB, which you can adjust in the unit parameter.
    Unit for threshold value for Athena Alarm

    GB

    Unit for the threshold value for the Athena alarm.

    Receive Solution Version Notification

    Yes

    Select Yes to receive a notification when a new version of the solution becomes available.

    Create QuickSight Q Topics

    Yes

    Select Yes to create Q topics for QuickSight. This allows you to query your data.

    Note

    This feature is only available in certain Regions. See Supported AWS Regions for more information.

  6. Select Next.

  7. On the Configure stack options page, choose Next.

  8. On the Review and create page, review and confirm the settings. Select the box acknowledging that the template will create IAM resources.

  9. Choose Submit to deploy the stack.

    You can view the status of the stack in the AWS CloudFormation console in the Status column. You should receive a CREATE_COMPLETE status in approximately five to ten minutes.