securitylake

31 actions in the securitylake service. Select an action to see its access level, resource ARNs, condition keys, and a copy-paste IAM policy.

securitylake:CreateAwsLogSource

Write

Grants permission to enable any source type in any region for accounts that are either part of a trusted organization or standalone account

securitylake:CreateCustomLogSource

Write

Grants permission to add a custom source

securitylake:CreateDataLake

Write

Grants permission to create a new security data lake

securitylake:CreateDataLakeExceptionSubscription

Write

Grants permission to get instant notifications about exceptions. Subscribes to the SNS topics for exception notifications

securitylake:CreateDataLakeOrganizationConfiguration

Write

Grants permission to automatically enable Amazon Security Lake for new member accounts in your organization

securitylake:CreateSubscriber

Write

Grants permission to create a subscriber

securitylake:CreateSubscriberNotification

Write

Grants permission to create a webhook invocation to notify a client when there is new data in the data lake

securitylake:DeleteAwsLogSource

Write

Grants permission to disable any source type in any region for accounts that are part of a trusted organization or standalone accounts

securitylake:DeleteCustomLogSource

Write

Grants permission to remove a custom source

securitylake:DeleteDataLake

Write

Grants permission to delete security data lake

securitylake:DeleteDataLakeExceptionSubscription

Write

Grants permission to unsubscribe from SNS topics for exception notifications. Removes exception notifications for the SNS topic

securitylake:DeleteDataLakeOrganizationConfiguration

Write

Grants permission to remove the automatic enablement of Amazon Security Lake access for new organization accounts

securitylake:DeleteSubscriber

Write

Grants permission to delete the specified subscriber

securitylake:DeleteSubscriberNotification

Write

Grants permission to remove a webhook invocation to notify a client when there is new data in the data lake

securitylake:DeregisterDataLakeDelegatedAdministrator

Write

Grants permission to remove the Delegated Administrator account and disable Amazon Security Lake as a service for this organization

securitylake:GetDataLakeExceptionSubscription

Read

Grants permission to query the protocol and endpoint that were provided when subscribing to SNS topics for exception notifications

securitylake:GetDataLakeOrganizationConfiguration

Read

Grants permission to get an organization's configuration setting for automatically enabling Amazon Security Lake access for new organization accounts

securitylake:GetDataLakeSources

Read

Grants permission to get a static snapshot of the security data lake in the current region. The snapshot includes enabled accounts and log sources

securitylake:GetSubscriber

Read

Grants permission to get information about subscriber that is already created

securitylake:ListDataLakeExceptions

List

Grants permission to get the list of all non-retryable failures

securitylake:ListDataLakes

List

Grants permission to list information about the security data lakes

securitylake:ListLogSources

List

Grants permission to view the enabled accounts. You can view the enabled sources in the enabled regions

securitylake:ListSubscribers

List

Grants permission to list all subscribers

securitylake:ListTagsForResource

List

Grants permission to list all tags for the resource

securitylake:RegisterDataLakeDelegatedAdministrator

Write

Grants permission to designate an account as the Amazon Security Lake administrator account for the organization

securitylake:TagResource

Tagging

Grants permission to add tags to the resource

securitylake:UntagResource

Tagging

Grants permission to remove tags from the resource

securitylake:UpdateDataLake

Write

Grants permission to update a security data lake

securitylake:UpdateDataLakeExceptionSubscription

Write

Grants permission to update subscriptions to the SNS topics for exception notifications

securitylake:UpdateSubscriber

Write

Grants permission to update subscriber

securitylake:UpdateSubscriberNotification

Write

Grants permission to update a webhook invocation to notify a client when there is new data in the data lake