CreateDataLake - Amazon Security Lake


Initializes an Amazon Security Lake instance with the provided (or default) configuration. You can enable Security Lake in AWS Regions with customized settings before enabling log collection in Regions. To specify particular Regions, configure these Regions using the configurations parameter. If you have already enabled Security Lake in a Region when you call this command, the command will update the Region if you provide new configuration parameters. If you have not already enabled Security Lake in the Region when you call this API, it will set up the data lake in the Region with the specified configurations.

When you enable Security Lake, it starts ingesting security data after the CreateAwsLogSource call. This includes ingesting security data from sources, storing data, and making data accessible to subscribers. Security Lake also enables all the existing settings and resources that it stores or maintains for your AWS account in the current Region, including security log and event data. For more information, see the Amazon Security Lake User Guide.

Request Syntax

POST /v1/datalake HTTP/1.1 Content-type: application/json { "configurations": [ { "encryptionConfiguration": { "kmsKeyId": "string" }, "lifecycleConfiguration": { "expiration": { "days": number }, "transitions": [ { "days": number, "storageClass": "string" } ] }, "region": "string", "replicationConfiguration": { "regions": [ "string" ], "roleArn": "string" } } ], "metaStoreManagerRoleArn": "string", "tags": [ { "key": "string", "value": "string" } ] }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.


Specify the Region or Regions that will contribute data to the rollup region.

Type: Array of DataLakeConfiguration objects

Array Members: Minimum number of 1 item.

Required: Yes


The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.

Type: String

Pattern: ^arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$

Required: Yes


An array of objects, one for each tag to associate with the data lake configuration. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.

Type: Array of Tag objects

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "dataLakes": [ { "createStatus": "string", "dataLakeArn": "string", "encryptionConfiguration": { "kmsKeyId": "string" }, "lifecycleConfiguration": { "expiration": { "days": number }, "transitions": [ { "days": number, "storageClass": "string" } ] }, "region": "string", "replicationConfiguration": { "regions": [ "string" ], "roleArn": "string" }, "s3BucketArn": "string", "updateStatus": { "exception": { "code": "string", "reason": "string" }, "requestId": "string", "status": "string" } } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The created Security Lake configuration object.

Type: Array of DataLakeResource objects


For information about the errors that are common to all actions, see Common Errors.


You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization request. An explicit denial occurs when a policy contains a Deny statement for the specific AWS action. An implicit denial occurs when there is no applicable Deny statement and also no applicable Allow statement.

HTTP Status Code: 403


The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.

HTTP Status Code: 400


Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

HTTP Status Code: 409


Internal service exceptions are sometimes caused by transient issues. Before you start troubleshooting, perform the operation again.

HTTP Status Code: 500


The resource could not be found.

HTTP Status Code: 404


The limit on the number of requests per second was exceeded.

HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: