Disabling Amazon Security Lake - Amazon Security Lake

Amazon Security Lake is in preview release. Your use of the Amazon Security Lake preview is subject to Section 2 of the AWS Service Terms ("Betas and Previews").

Disabling Amazon Security Lake

When you disable Security Lake, Security Lake stops collecting data from your sources. However, Security Lake retains all of your existing settings and the resources that it created in your AWS account in the current AWS Region. Data that's stored in your Amazon S3 bucket remains available in accordance with your S3 storage lifecycle. In addition, data that's published to other AWS services, such as sensitive data in AWS Lake Formation tables and AWS CloudTrail logs, also remains available.

If you use the integration with AWS Organizations and your account is part of an organization that centrally manages multiple Security Lake accounts, only the delegated administrator can disable Security Lake for itself and for member accounts. However, leaving an organization stops log collection for a member account.

Note

When you are signed in to the delegated administrator account and disable Security Lake, you have to designate a delegated administrator again before you can re-enable Security Lake. For more information about designating a delegated administrator, see Designating the Security Lake delegated administrator and adding member accounts.

This topic explains how to disable Security Lake by using the Security Lake console, Security Lake API, or AWS CLI.

Console
  1. Open the Security Lake console at https://console.aws.amazon.com/securitylake/.

    Sign in with the credentials of the delegated administrator.

  2. In the navigation pane, choose Settings and then General.

  3. Choose Disable Security Lake.

  4. When prompted for confirmation, enter Disable, and then choose Disable.

API

Run DeleteDatalake from the delegated administrator account to disable Security Lake in all Regions.

AWS CLI

Run the delete-datalake command from the delegated administrator account to disable Security Lake in all Regions:

aws securitylake delete-datalake
Warning

When you disable Security Lake, Security Lake stops collecting logs for your account or organization (if you are using the integration with Organizations) in all Regions. Security Lake also removes the service-linked role that it created in your account when you enabled the service. However, your settings and resources and data that you stored in or published to other AWS services, such as sensitive data in Lake Formation tables and CloudTrail logs, remain available.