DeleteAwsLogSource
Removes a natively supported AWS service as an Amazon Security Lake source. When you remove the source, Security Lake stops collecting data from that source, and subscribers can no longer consume new data from the source. Subscribers can still consume data that Security Lake collected from the source before disablement.
You can choose any source type in any AWS Region for either accounts that are part of a trusted organization or standalone accounts. At least one of the three dimensions is a mandatory input to this API. However, you can supply any combination of the three dimensions to this API.
By default, a dimension refers to the entire set. This is overridden when you supply any one of the inputs. For instance, when you do not specify members, the API disables all Security Lake member accounts for sources. Similarly, when you do not specify Regions, Security Lake is disabled for all the Regions where Security Lake is available as a service.
When you don't provide a dimension, Security Lake assumes that the missing dimension refers to the entire set. For example, if you don't provide specific accounts, the API applies to the entire set of accounts in your organization.
Request Syntax
POST /v1/logsources/aws/delete HTTP/1.1
Content-type: application/json
{
"disableAllDimensions": {
"string
" : {
"string
" : [ "string
" ]
}
},
"disableSingleDimension": [ "string
" ],
"disableTwoDimensions": {
"string
" : [ "string
" ]
},
"inputOrder": [ "string
" ]
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- disableAllDimensions
-
Removes the specific AWS sources from specific accounts and specific Regions.
Type: String to string to array of strings map map
Required: No
- disableSingleDimension
-
Removes all AWS sources from specific accounts or Regions.
Type: Array of strings
Pattern:
^[\\\w\-_:/.@=+]*$
Required: No
- disableTwoDimensions
-
Remove a specific AWS source from specific accounts or Regions.
Type: String to array of strings map
Required: No
- inputOrder
-
This is a mandatory input. Specify the input order to disable dimensions in Security Lake, namely Region (AWS Region code, source type, and member (account ID of a specific AWS account).
Type: Array of strings
Valid Values:
REGION | SOURCE_TYPE | MEMBER
Required: Yes
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"failed": [ "string" ],
"processing": [ "string" ]
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- failed
-
Deletion of the AWS sources failed as the account is not a part of the organization.
Type: Array of strings
- processing
-
Deletion of the AWS sources is in progress.
Type: Array of strings
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization request. An explicit denial occurs when a policy contains a Deny statement for the specific AWS action. An implicit denial occurs when there is no applicable Deny statement and also no applicable Allow statement.
HTTP Status Code: 403
- AccountNotFoundException
-
Amazon Security Lake cannot find an AWS account with the accountID that you specified, or the account whose credentials you used to make this request isn't a member of an organization.
HTTP Status Code: 403
- InternalServerException
-
Internal service exceptions are sometimes caused by transient issues. Before you start troubleshooting, perform the operation again.
HTTP Status Code: 500
- ValidationException
-
Your signing certificate could not be validated.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: