CreateSubscriber - Amazon Security Lake

CreateSubscriber

Creates a subscription permission for accounts that are already enabled in Amazon Security Lake. You can create a subscriber with access to data in the current AWS Region.

Request Syntax

POST /v1/subscribers HTTP/1.1
Content-type: application/json

{
   "accessTypes": [ "string" ],
   "accountId": "string",
   "externalId": "string",
   "sourceTypes": [
      {
         "awsSourceType": "string",
         "customSourceType": "string"
      }
   ],
   "subscriberDescription": "string",
   "subscriberName": "string"
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

accessTypes

The Amazon S3 or AWS Lake Formation access type.

Type: Array of strings

Valid Values: LAKEFORMATION | S3

Required: No

accountId

The AWS account ID used to access your data.

Type: String

Length Constraints: Fixed length of 12.

Pattern: ^\d+$

Required: Yes

externalId

The external ID of the subscriber. This lets the user that is assuming the role assert the circumstances in which they are operating. It also provides a way for the account owner to permit the role to be assumed only under specific circumstances.

Type: String

Pattern: ^[\\\w\-_:/.@=+]*$

Required: Yes

sourceTypes

The supported AWS services from which logs and events are collected. Security Lake supports log and event collection for natively supported AWS services.

Type: Array of SourceType objects

Required: Yes

subscriberDescription

The description for your subscriber account in Security Lake.

Type: String

Pattern: ^[\\\w\-_:/.@=+]*$

Required: No

subscriberName

The name of your Security Lake subscriber account.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 64.

Required: Yes
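A pre-flight check of a CreateSubscriber request body against the constraints listed in the Request Body section, written as an added example that is not part of the AWS reference or of any AWS SDK. The function name, the ASCII-only regex flag, and the sample values (including the `EXAMPLE_SOURCE` placeholder) are assumptions of this example.

```python
import re

# Patterns and limits copied from the Request Body section of this page.
# re.ASCII is an assumption of this example: it keeps \w and \d to ASCII only.
TOKEN = re.compile(r"^[\\\w\-_:/.@=+]*$", re.ASCII)
ACCOUNT_ID = re.compile(r"^\d+$", re.ASCII)
ACCESS_TYPES = ("LAKEFORMATION", "S3")
SOURCE_KEYS = {"awsSourceType", "customSourceType"}
REQUIRED = ("accountId", "externalId", "sourceTypes", "subscriberName")
ALLOWED = set(REQUIRED) | {"accessTypes", "subscriberDescription"}


def validate_create_subscriber(body):
    """Return a list of constraint violations; an empty list means the body passes."""
    errors = [f"{k}: required" for k in REQUIRED if k not in body]
    errors += [f"{k}: unknown member" for k in body if k not in ALLOWED]
    acct = body.get("accountId")
    if acct is not None and not (isinstance(acct, str) and len(acct) == 12
                                 and ACCOUNT_ID.fullmatch(acct)):
        errors.append("accountId: must be a string of exactly 12 digits")
    for key in ("externalId", "subscriberDescription"):
        val = body.get(key)  # fullmatch also rejects a trailing newline
        if val is not None and not (isinstance(val, str) and TOKEN.fullmatch(val)):
            errors.append(f"{key}: does not match the documented pattern")
    name = body.get("subscriberName")
    if name is not None and not (isinstance(name, str) and len(name) <= 64):
        errors.append("subscriberName: must be a string of at most 64 characters")
    access = body.get("accessTypes")
    if access is not None and not (isinstance(access, list)
                                   and all(a in ACCESS_TYPES for a in access)):
        errors.append("accessTypes: valid values are LAKEFORMATION and S3")
    sources = body.get("sourceTypes")
    if sources is not None and not (isinstance(sources, list) and all(
            isinstance(s, dict) and set(s) <= SOURCE_KEYS for s in sources)):
        errors.append("sourceTypes: must be a list of SourceType objects")
    return errors


# Constructed sample body; the account ID, names and source value are made up.
GOOD = {
    "accountId": "123456789012", "externalId": "siem-team/prod@2024",
    "subscriberName": "example-siem", "accessTypes": ["S3"],
    "sourceTypes": [{"awsSourceType": "EXAMPLE_SOURCE"}],
}

if __name__ == "__main__":
    print(validate_create_subscriber(GOOD))
```

The documented pattern for externalId and subscriberDescription has no space character, so a free-text description containing spaces fails this check.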

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "roleArn": "string",
   "s3BucketArn": "string",
   "snsArn": "string",
   "subscriptionId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

roleArn

The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see Amazon Security Lake User Guide.

Type: String

Pattern: ^arn:.*

s3BucketArn

The ARN for the Amazon S3 bucket.

Type: String

snsArn

The ARN for the Amazon Simple Notification Service.

Type: String

subscriptionId

The subscriptionId created by the CreateSubscriber API call.

Type: String

Pattern: [a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization request. An explicit denial occurs when a policy contains a Deny statement for the specific AWS action. An implicit denial occurs when there is no applicable Deny statement and also no applicable Allow statement.

HTTP Status Code: 403

AccountNotFoundException

Amazon Security Lake cannot find an AWS account with the accountID that you specified, or the account whose credentials you used to make this request isn't a member of an organization.

HTTP Status Code: 403

BucketNotFoundException

Amazon Security Lake generally returns 404 errors if the requested object is missing from the bucket.

HTTP Status Code: 409

ConflictSubscriptionException

A conflicting subscription exception operation is in progress.

HTTP Status Code: 400

InternalServerException

Internal service exceptions are sometimes caused by transient issues. Before you start troubleshooting, perform the operation again.

HTTP Status Code: 500

InvalidInputException

The request was rejected because a value that's not valid or is out of range was supplied for an input parameter.

HTTP Status Code: 400

ResourceNotFoundException

The resource could not be found.

HTTP Status Code: 404

ValidationException

Your signing certificate could not be validated.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: