Manage Lacework with AWS CloudFormation and CDK


The Lacework Polygraph® Data Platform provides our customers with a variety of ways to manage their cloud security. From our command-line interface (CLI), to language software development kits (SDKs), to infrastructure-as-code (IaC), security engineers and site reliability engineers (SREs) have numerous options to automate cloud security management. To help your teams work quickly and securely, we provide Terraform modules that let you manage every facet of our platform as code. CloudFormation is AWS’ service for creating, integrating, and managing infrastructure with code, and we’re excited to announce that new Lacework CloudFormation extensions are now available in the CloudFormation Public Registry. These extensions allow you to use CloudFormation templates to manage Polygraph Data Platform configuration.

Fig.1 New Lacework CloudFormation Extensions in the CloudFormation Public Registry

With the Lacework CloudFormation extensions, you can write your own CloudFormation templates to manage your Lacework accounts, alert channels, container registries, and Lacework Query Language (LQL) queries as CloudFormation resources. The full CloudFormation resource lifecycle is supported, from CREATE to UPDATE to DELETE, so provisioning, changing, and removing Lacework configuration is straightforward. The following example shows how CloudFormation is used to configure a Lacework alert channel.

Alert channels are used to send notifications about security findings. These alerts can notify you about anything from new vulnerabilities in software, to cloud environment security misconfigurations, to potential security breaches detected by our patented machine learning. It’s important for customers to use alerts to triage and resolve security issues quickly, and CloudFormation makes this much easier to set up. CloudFormation templates can be executed from the CloudFormation console or the AWS CLI, which enables alert configuration to be automated, reused, shared, and modularized.

The Lacework CloudFormation extensions are available in the CloudFormation Public Registry, which means they are also available in the AWS Cloud Development Kit (CDK). You can now write JavaScript, TypeScript, Python, Java, C#, and Go to manage your Lacework resources alongside your AWS resources.

Follow these steps to get started and activate the Lacework CloudFormation extensions in the CloudFormation public registry. Then, read our documentation to get familiar with these new extensions. Use our example CloudFormation templates for inspiration.

This is just the beginning—more Lacework CloudFormation extensions are being developed, including those just announced at AWS re:Invent.