Download CloudFormation Template Files Using the API
You can download CloudFormation template files using the Template Files API.
Download the EKS Audit CloudFormation Template File
The EKS Audit CloudFormation template file configures resources to allow for the monitoring of Kubernetes runtime security using EKS audit logs.
- Generate and specify an access token in the request header using the instructions in API Keys and Access Tokens.
- Invoke the following endpoint:
GET https://YourLacework.lacework.net/api/v2/TemplateFiles/AwsEksAudit
Download the EKS Audit CloudFormation Subscription Filter Template File
After you create the EKS audit log integration, you must instrument the cluster. The EKS Audit CloudFormation Subscription Filter template file configures an EKS cluster log group to monitor EKS runtime security.
- Generate and specify an access token in the request header using the instructions in API Keys and Access Tokens.
- Invoke the following endpoint:
GET https://YourLacework.lacework.net/api/v2/TemplateFiles/AwsEksAuditSubscriptionFilter
Optionally pass in intgGuid as a query parameter for the AwsEksAuditSubscriptionFilter template file name. This allows the intgGuid to get the SNS ARN, create the firehose ARN, and insert it into the template before returning it. This means you don't have to find the firehoseARN and insert it manually. Use the GET https://YourLacework.lacework.net/api/v2/CloudAccounts endpoint to obtain the integration’s intgGuid.
This example invocation includes the intgGuid:
GET https://YourLacework.lacework.net/api/v2/TemplateFiles/AwsEksAuditSubscriptionFilter?intgGuid=<intg_guid>
Invoking the endpoint in Postman returns the subscription filter in the response body.
Use the CLI
You can also use the Lacework CLI to download the CloudFormation subscription filter template file.
- Configure the Lacework CLI. For more information, see Get Started with the Lacework CLI.
- Run the following command:
lacework api get TemplateFiles/AwsEksAuditSubscriptionFilter?intgGuid=<intg_guid>