CreateDatalake
Initializes an Amazon Security Lake instance with the provided (or default) configuration. You
can enable Security Lake in AWS Regions with customized settings before enabling
log collection in Regions. You can either use the enableAll
parameter to
specify all Regions or specify the Regions where you want to enable Security Lake. To specify
particular Regions, use the Regions
parameter and then configure these Regions
using the configurations
parameter. If you have already enabled Security Lake in a
Region when you call this command, the command will update the Region if you provide new
configuration parameters. If you have not already enabled Security Lake in the Region when you
call this API, it will set up the data lake in the Region with the specified
configurations.
When you enable Security Lake, it starts ingesting security data after the
CreateAwsLogSource
call. This includes ingesting security data from
sources, storing data, and making data accessible to subscribers. Security Lake also enables
all the existing settings and resources that it stores or maintains for your AWS account in the current Region, including security log and event data. For
more information, see the Amazon Security Lake User
Guide.
Request Syntax
POST /v1/datalake HTTP/1.1
Content-type: application/json
{
"configurations": {
"string
" : {
"encryptionKey": "string
",
"replicationDestinationRegions": [ "string
" ],
"replicationRoleArn": "string
",
"retentionSettings": [
{
"retentionPeriod": number
,
"storageClass": "string
"
}
],
"tagsMap": {
"string
" : "string
"
}
}
},
"enableAll": boolean
,
"metaStoreManagerRoleArn": "string
",
"regions": [ "string
" ]
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- configurations
-
Specify the Region or Regions that will contribute data to the rollup region.
Type: String to LakeConfigurationRequest object map
Valid Keys:
us-east-1 | us-west-2 | eu-central-1 | us-east-2 | eu-west-1 | ap-northeast-1 | ap-southeast-2
Required: No
- enableAll
-
Enable Security Lake in all Regions.
Type: Boolean
Required: No
- metaStoreManagerRoleArn
-
The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
Type: String
Pattern:
^arn:.*
Required: No
- regions
-
Enable Security Lake in the specified Regions. To enable Security Lake in specific AWS Regions, such as us-east-1 or ap-northeast-3, provide the Region codes. For a list of Region codes, see Amazon Security Lake endpoints in the AWS General Reference.
Type: Array of strings
Valid Values:
us-east-1 | us-west-2 | eu-central-1 | us-east-2 | eu-west-1 | ap-northeast-1 | ap-southeast-2
Required: No
Response Syntax
HTTP/1.1 200
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization request. An explicit denial occurs when a policy contains a Deny statement for the specific AWS action. An implicit denial occurs when there is no applicable Deny statement and also no applicable Allow statement.
HTTP Status Code: 403
- ConflictException
-
Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
HTTP Status Code: 409
- InternalServerException
-
Internal service exceptions are sometimes caused by transient issues. Before you start troubleshooting, perform the operation again.
HTTP Status Code: 500
- ResourceNotFoundException
-
The resource could not be found.
HTTP Status Code: 404
- ServiceQuotaExceededException
-
You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.
HTTP Status Code: 402
- ThrottlingException
-
The limit on the number of requests per second was exceeded.
HTTP Status Code: 429
- ValidationException
-
Your signing certificate could not be validated.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: