Download CloudFormation Template Files Using the API
Download the EKS Audit CloudFormation Template File
The EKS Audit CloudFormation template file configures resources to allow for the monitoring of Kubernetes runtime security using EKS audit logs.
Invoke the following endpoint:
GET https://YourLacework.lacework.net/api/v2/TemplateFiles/AwsEksAudit
Download the EKS Audit CloudFormation Subscription Filter Template File
After you create the EKS audit log integration, you must instrument the cluster. The EKS Audit CloudFormation Subscription Filter template file configures an EKS cluster log group to monitor EKS runtime security.
Invoke the following endpoint:
GET https://YourLacework.lacework.net/api/v2/TemplateFiles/AwsEksAuditSubscriptionFilter
Optionally pass in intgGuid as a query parameter for the AwsEksAuditSubscriptionFilter template file name. Lacework uses the intgGuid to get the SNS ARN, create the Firehose ARN, and insert it into the template before returning it. This means you don't have to find the firehoseARN and insert it manually. Use the GET https://YourLacework.lacework.net/api/v2/CloudAccounts endpoint to obtain the integration's intgGuid.
This example invocation includes the intgGuid:
GET https://YourLacework.lacework.net/api/v2/TemplateFiles/AwsEksAuditSubscriptionFilter?intgGuid=arn:aws:sns:us-west-2:123456789012:resource-id
When you invoke the endpoint in Postman, the response body returns the subscription filter.
Use the CLI
You can also use the Lacework CLI to download the CloudFormation subscription filter template file. Run the following command:
lacework api get "TemplateFiles/AwsEksAuditSubscriptionFilter?intgGuid=<intg_guid>"
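The two API calls described above (CloudAccounts to obtain the intgGuid, then TemplateFiles/AwsEksAuditSubscriptionFilter with that value) can be chained in a short script. This is an added example, not Lacework's own code. It assumes that the API accepts a bearer token in the Authorization header, that CloudAccounts returns a `data` list whose entries carry `intgGuid`, `name` and `type`, and that the integration type is `AwsEksAudit`. The function names are hypothetical.

```python
import json
import re
import urllib.request
from urllib.parse import urlencode

API_BASE = "https://{account}.lacework.net/api/v2"


def api_url(account, path, **query):
    # Accept only a bare account label so the bearer token is never sent
    # to a host outside lacework.net (a value such as "evil.example/x" fails).
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9-]*", account):
        raise ValueError("invalid account name: %r" % account)
    url = API_BASE.format(account=account) + "/" + path.lstrip("/")
    # urlencode escapes characters in the intgGuid that would alter the query.
    return url + ("?" + urlencode(query) if query else "")


def find_eks_audit_guid(cloud_accounts, name):
    # Assumed response shape: {"data": [{"intgGuid", "name", "type"}, ...]}
    matches = [a["intgGuid"] for a in cloud_accounts.get("data", [])
               if a.get("type") == "AwsEksAudit" and a.get("name") == name]
    if len(matches) != 1:
        # Refuse to guess: a wrong intgGuid yields a template wired to the wrong integration.
        raise LookupError("expected 1 AwsEksAudit integration named %r, found %d"
                          % (name, len(matches)))
    return matches[0]


def api_get(url, token, opener=urllib.request.urlopen):
    # Assumption: API v2 takes a bearer token in the Authorization header.
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with opener(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


def download_subscription_filter(account, token, integration_name,
                                 opener=urllib.request.urlopen):
    # Step 1: list cloud accounts and pick the integration's intgGuid.
    accounts = json.loads(api_get(api_url(account, "CloudAccounts"), token, opener))
    guid = find_eks_audit_guid(accounts, integration_name)
    # Step 2: request the template with intgGuid so the ARN is pre-filled.
    url = api_url(account, "TemplateFiles/AwsEksAuditSubscriptionFilter", intgGuid=guid)
    return api_get(url, token, opener)
```

Review the returned template before deploying it with CloudFormation, since it creates resources in your AWS account.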