Step 1: Launch the stack
Follow the step-by-step instructions in this section to configure and deploy the solution into your account.
Time to deploy: Approximately five to ten minutes.
-
Sign in to the AWS Management Console
and select the button to launch the security-insights-on-aws.template
AWS CloudFormation template. -
The template launches in the US East (N. Virginia) Region by default. To launch the solution in a different AWS Region, use the Region selector in the console navigation bar.
Note
This solution requires the Security Lake service and the Amazon Q in QuickSight feature, which aren't currently available in all AWS Regions. For the most current availability by Region, see the AWS Regional Services List
. -
On the Create stack page, verify that the correct template URL is in the Amazon S3 URL text box and choose Next.
-
On the Specify stack details page, assign a name to your solution stack. For information about naming character limitations, see IAM and AWS STS quotas, name requirements, and character limits in the AWS Identity and Access Management User Guide.
-
Under Parameters, review the parameters for this solution template and modify them as necessary. This solution uses the following default values.
Parameter Default Description Account ID where Security Lake is created <Requires input>
Account ID in which you created your Security Lake.
Note
You can't update this parameter after you deploy the solution. If you need to change it, see Problem: Change your account ID.
ARN for QuickSight admin user <Requires input>
QuickSight ARN for admin.
To retrieve this ARN, you must have access to a shell or terminal with the AWS CLI installed. For installation instructions, refer to What Is the AWS Command Line Interface in the AWS CLI User Guide. Optionally, you can use the AWS CloudShell
service to run AWS CLI commands. Running the following command returns the list of users with their corresponding QuickSight User ARNs.
aws quicksight list-users --region
<aws-region>
--aws-account-id<account-id>
--namespace<namespace-name>
The
is<namespace-name>
default
, unless explicitly created in Amazon QuickSight.Choose an Admin user, or a user who has permissions to create QuickSight resources in that account and AWS Region.
Create QuickSight User Groups Yes
Select Yes
to create QuickSightUserGroups. If you use Identity Center to manage QuickSight Users, selectNo
as the option for this deployment.Frequency for QuickSight Dataset refresh Weekly
Dataset refresh frequency. The options are DAILY
,WEEKLY
, andMONTHLY
.Day of the week for weekly refresh of QuickSight Dataset Monday
The day of the week on which the dataset refreshes for a WEEKLY
frequency. If the frequency is set toDAILY
orMONTHLY
, this parameter has no impact.Day of the month for monthly refresh of QuickSight Dataset 1
The day of the month on which the dataset refreshes for a MONTHLY
frequency. If the frequency is set toDAILY
orWEEKLY
, this parameter has no impact.Log level for the Lambda functions Info
Log level for Lambda function logs. Email ID to receive QuickSight Dataset refresh alerts <Requires input>
Email address where you want to receive alerts for error notifications. Threshold value in GB for Alarm on Athena Workgroup 100
Threshold value for the alarm on the Athena workgroup. The default measurement is GB, which you can adjust in the unit parameter. Unit for threshold value for Athena Alarm GB
Unit for the threshold value for the Athena alarm. Receive Solution Version Notification
Yes
Select
Yes
to receive a notification when a new version of the solution becomes available.Create QuickSight Q Topics
Yes
Select
Yes
to create Q topics for QuickSight. This allows you to query your data.Note
This feature is only available in certain Regions. See Supported AWS Regions for more information.
-
Select Next.
-
On the Configure stack options page, choose Next.
-
On the Review and create page, review and confirm the settings. Select the box acknowledging that the template will create IAM resources.
-
Choose Submit to deploy the stack.
You can view the status of the stack in the AWS CloudFormation console in the Status column. You should receive a CREATE_COMPLETE status in approximately five to ten minutes.