UpdateDatalake - Amazon Security Lake


Specifies where to store your security data and for how long. You can add a rollup Region to consolidate data from multiple AWS Regions.

Request Syntax

PUT /v1/datalake HTTP/1.1 Content-type: application/json { "configurations": { "string" : { "encryptionKey": "string", "replicationDestinationRegions": [ "string" ], "replicationRoleArn": "string", "retentionSettings": [ { "retentionPeriod": number, "storageClass": "string" } ], "tagsMap": { "string" : "string" } } } }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.


Specify the Region or Regions that will contribute data to the rollup region.

Type: String to LakeConfigurationRequest object map

Valid Keys: us-east-1 | us-west-2 | eu-central-1 | us-east-2 | eu-west-1 | ap-northeast-1 | ap-southeast-2

Required: Yes

Response Syntax

HTTP/1.1 200

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.


For information about the errors that are common to all actions, see Common Errors.


You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization request. An explicit denial occurs when a policy contains a Deny statement for the specific AWS action. An implicit denial occurs when there is no applicable Deny statement and also no applicable Allow statement.

HTTP Status Code: 403


Represents an error interacting with the Amazon EventBridge service.

HTTP Status Code: 400


Internal service exceptions are sometimes caused by transient issues. Before you start troubleshooting, perform the operation again.

HTTP Status Code: 500


The resource could not be found.

HTTP Status Code: 404


Your signing certificate could not be validated.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: