CreateAwsLogSource - Amazon Security Lake


Adds a natively supported AWS service as an Amazon Security Lake source. Enables source types for member accounts in required AWS Regions, based on the parameters you specify. You can choose any source type in any Region for either accounts that are part of a trusted organization or standalone accounts. At least one of the three dimensions is a mandatory input to this API. However, you can supply any combination of the three dimensions to this API.

By default, a dimension refers to the entire set. When you don't provide a dimension, Security Lake assumes that the missing dimension refers to the entire set. This is overridden when you supply any one of the inputs. For instance, when you do not specify members, the API enables all Security Lake member accounts for all sources. Similarly, when you do not specify Regions, Security Lake is enabled for all the Regions where Security Lake is available as a service.

You can use this API only to enable natively supported AWS services as a source. Use CreateCustomLogSource to enable data collection from a custom source.

Request Syntax

POST /v1/logsources/aws HTTP/1.1 Content-type: application/json { "enableAllDimensions": { "string" : { "string" : [ "string" ] } }, "enableSingleDimension": [ "string" ], "enableTwoDimensions": { "string" : [ "string" ] }, "inputOrder": [ "string" ] }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.


Enables data collection from specific AWS sources in all specific accounts and specific Regions.

Type: String to string to array of strings map map

Required: No


Enables data collection from all AWS sources in specific accounts or Regions.

Type: Array of strings

Pattern: ^[\\\w\-_:/.@=+]*$

Required: No


Enables data collection from specific AWS sources in specific accounts or Regions.

Type: String to array of strings map

Required: No


Specifies the input order to enable dimensions in Security Lake, namely Region, source type, and member account.

Type: Array of strings


Required: Yes

Response Syntax

HTTP/1.1 200 Content-type: application/json { "failed": [ "string" ], "processing": [ "string" ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


Lists all accounts in which enabling a natively supported AWS service as a Security Lake source failed. The failure occurred as these accounts are not part of an organization.

Type: Array of strings


Lists the accounts that are in the process of enabling a natively supported AWS service as a Security Lake source.

Type: Array of strings


For information about the errors that are common to all actions, see Common Errors.


You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization request. An explicit denial occurs when a policy contains a Deny statement for the specific AWS action. An implicit denial occurs when there is no applicable Deny statement and also no applicable Allow statement.

HTTP Status Code: 403


Amazon Security Lake cannot find an AWS account with the accountID that you specified, or the account whose credentials you used to make this request isn't a member of an organization.

HTTP Status Code: 403


Internal service exceptions are sometimes caused by transient issues. Before you start troubleshooting, perform the operation again.

HTTP Status Code: 500


The resource could not be found.

HTTP Status Code: 404


Provides an extension of the AmazonServiceException for errors reported by Amazon S3 while processing a request. In particular, this class provides access to the Amazon S3 extended request ID. If Amazon S3 is incorrectly handling a request and you need to contact Amazon, this extended request ID may provide useful debugging information.

HTTP Status Code: 400


Your signing certificate could not be validated.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: