Identity Datasources

You can access identity and entitlement data directly from Lacework Query Language (LQL) datasources using the Lacework CLI. If you are new to LQL, refer to LQL Overview to learn more. To learn about installing and configuring the CLI, refer to Get Started.

List Available Datasources

The following command lists the available relevant datasources. The prefix LW_ denotes Lacework-created data and CE_ denotes cloud entitlements.

lacework query list-sources | grep LW_CE
LW_CE_ENTITLEMENTS
LW_CE_IDENTITIES
LW_CE_LINKED_IDENTITIES
LW_CE_REMEDIATIONS

Datasource Details

You can use the CLI to view details for the datasources. For example, to view details for the LW_CE_IDENTITIES datasource, run the following command.

lacework query show-source LW_CE_IDENTITIES

Datasource details are also available at Cloud Entitlement Datasources.

Preview Datasources

The following command previews the LW_CE_IDENTITIES datasource.

Example command

lacework query preview-source LW_CE_IDENTITIES

Example output
{
  "ACCESS_KEYS": {},
  "CREATED_TIME": 1635442232000,
  "DOMAIN_ID": "123456789012",
  "LAST_USED_TIME": null,
  "METRICS": {
    "risk_score": 0.0,
    "risk_severity": "INFO"
  },
  "NAME": "ReadOnly+IAMFullAcces",
  "PRINCIPAL_ID": "arn:aws-us-gov:iam::123456789012:group/ReadOnly+IAMFullAcces",
  "PROVIDER_TYPE": "AWS",
  "RECORD_CREATED_TIME": 1697097600000,
  "TAGS": {}
}

List Available Datasources​

Datasource Details​

Preview Datasources​

List Available Datasources

Datasource Details

Preview Datasources