Amazon Security Lake is in preview release. Your use of the Amazon Security Lake preview is subject to Section 2 of the AWS Service Terms
Disabling Amazon Security Lake
When you disable Security Lake, Security Lake stops collecting data from your sources. However, Security Lake retains all of your existing settings and the resources that it created in your AWS account in the current AWS Region. Data that's stored in your Amazon S3 bucket remains available in accordance with your S3 storage lifecycle. In addition, data that's published to other AWS services, such as sensitive data in AWS Lake Formation tables and AWS CloudTrail logs, also remains available.
If you use the integration with AWS Organizations and your account is part of an organization that centrally manages multiple Security Lake accounts, only the delegated administrator can disable Security Lake for itself and for member accounts. However, leaving an organization stops log collection for a member account.
When you are signed in to the delegated administrator account and disable Security Lake, you have to designate a delegated administrator again before you can re-enable Security Lake. For more information about designating a delegated administrator, see Designating the Security Lake delegated administrator and adding member accounts.
This topic explains how to disable Security Lake by using the Security Lake console, Security Lake API, or AWS CLI.
When you disable Security Lake, Security Lake stops collecting logs for your account or organization (if you are using the integration with Organizations) in all Regions. Security Lake also removes the service-linked role that it created in your account when you enabled the service. However, your settings and resources and data that you stored in or published to other AWS services, such as sensitive data in Lake Formation tables and CloudTrail logs, remain available.
