
Subscriber management in Amazon Security Lake

An Amazon Security Lake subscriber consumes logs and events from Security Lake. To control costs and follow least-privilege best practices, you grant each subscriber access to data on a per-source basis, so a subscriber sees only the sources it needs. For more information about sources, see Source management in Amazon Security Lake.

Security Lake supports two types of subscriber access:

  • Data access – Subscribers are notified of new Amazon S3 objects for a source as the objects are written to the Security Lake data lake. Subscribers can directly access the S3 objects and receive notifications of new objects through a subscription endpoint or by polling an Amazon Simple Queue Service (Amazon SQS) queue. This subscription type is identified as S3 in the accessTypes parameter of the CreateSubscriber API.

  • Query access – Subscribers query source data from AWS Lake Formation tables in your S3 bucket by using services like Amazon Athena. This subscription type is identified as LAKEFORMATION in the accessTypes parameter of the CreateSubscriber API.

Subscribers only have access to the source data in the AWS Region that you select when you create the subscriber. To give a subscriber access to data from multiple Regions, you can specify the Region where you create the subscriber as a rollup Region and have other Regions contribute data to it. For more information about rollup Regions and contributing Regions, see Managing Regions.

Important

Security Lake allows at most 10 sources per subscriber. The 10 can be any combination of AWS sources and custom sources.
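The following is an added example, not code from the Security Lake documentation. It builds a CreateSubscriber request that enforces the rules described above before anything is sent to AWS: a per-source grant, an accessTypes value of S3 (data access) or LAKEFORMATION (query access), and the 10-source limit, and it creates the subscriber in one Region (the rollup Region when the subscriber needs data from several contributing Regions). Parameter names follow the CreateSubscriber and CreateSubscriberNotification APIs as exposed by boto3; the subscriber name, account ID, external ID, custom source name and source versions are hypothetical placeholders, and the set of AWS log source names is taken from the API reference rather than from this page.

```python
"""Build, validate and (optionally) submit a Security Lake CreateSubscriber request.

Added example; not AWS code. boto3 is imported only inside the functions that
call AWS, so the validation logic runs offline.
"""
import re

MAX_SOURCES_PER_SUBSCRIBER = 10          # limit stated in the documentation
VALID_ACCESS_TYPES = ("S3", "LAKEFORMATION")  # data access / query access

# sourceName values for awsLogSource (assumption: list from the API reference)
AWS_LOG_SOURCE_NAMES = {
    "CLOUD_TRAIL_MGMT", "VPC_FLOW", "ROUTE53", "SH_FINDINGS",
    "LAMBDA_EXECUTION", "S3_DATA", "EKS_AUDIT", "WAF",
}


def aws_log_source(name, version="2.0"):
    """One natively supported AWS source (source version is a placeholder)."""
    if name not in AWS_LOG_SOURCE_NAMES:
        raise ValueError(f"unknown AWS log source: {name}")
    return {"awsLogSource": {"sourceName": name, "sourceVersion": version}}


def custom_log_source(name, version):
    """One custom source that was registered with CreateCustomLogSource."""
    return {"customLogSource": {"sourceName": name, "sourceVersion": version}}


def _source_key(source):
    kind, body = next(iter(source.items()))
    return (kind, body["sourceName"], body["sourceVersion"])


def build_create_subscriber_request(subscriber_name, principal, external_id,
                                    sources, access_types, description=None):
    """Return the keyword arguments for securitylake.create_subscriber.

    Raises ValueError instead of letting the API reject the call, so a
    misconfigured grant (wrong access type, too many sources, duplicate
    source, malformed principal) never leaves the automation.
    """
    access = sorted(set(access_types))
    bad = [a for a in access if a not in VALID_ACCESS_TYPES]
    if not access or bad:
        raise ValueError(f"accessTypes must be a subset of {VALID_ACCESS_TYPES}, got {access_types}")
    if not sources:
        raise ValueError("a subscriber must be granted at least one source")
    if len(sources) > MAX_SOURCES_PER_SUBSCRIBER:
        raise ValueError(f"{len(sources)} sources exceeds the limit of {MAX_SOURCES_PER_SUBSCRIBER}")
    keys = [_source_key(s) for s in sources]
    if len(set(keys)) != len(keys):
        raise ValueError("duplicate source in grant")
    # principal is the subscriber's AWS account ID or an IAM principal ARN
    if not (re.fullmatch(r"\d{12}", principal) or principal.startswith("arn:aws")):
        raise ValueError(f"principal must be a 12-digit account ID or an ARN: {principal}")
    if not external_id:
        raise ValueError("externalId is required to prevent the confused-deputy problem")

    request = {
        "subscriberName": subscriber_name,
        "subscriberIdentity": {"principal": principal, "externalId": external_id},
        "sources": list(sources),
        "accessTypes": access,
    }
    if description:
        request["subscriberDescription"] = description
    return request


def create_subscriber(request, region_name):
    """Create the subscriber in region_name; it only sees that Region's data,
    so pass the rollup Region when contributing Regions feed into it.
    Assumption: the response carries the new ID under subscriber.subscriberId."""
    import boto3
    client = boto3.client("securitylake", region_name=region_name)
    return client.create_subscriber(**request)["subscriber"]["subscriberId"]


def enable_sqs_notification(subscriber_id, region_name):
    """For an S3 (data access) subscriber, have Security Lake create the SQS
    queue the subscriber polls for new-object notifications."""
    import boto3
    client = boto3.client("securitylake", region_name=region_name)
    client.create_subscriber_notification(
        subscriberId=subscriber_id,
        configuration={"sqsNotificationConfiguration": {}},
    )


if __name__ == "__main__":
    # Hypothetical SIEM subscriber: data access to two AWS sources and one custom source
    req = build_create_subscriber_request(
        subscriber_name="soc-siem",
        principal="111122223333",
        external_id="siem-external-id",
        sources=[aws_log_source("CLOUD_TRAIL_MGMT"), aws_log_source("VPC_FLOW"),
                 custom_log_source("okta-system-log", "1.0")],
        access_types=["S3"],
        description="SOC SIEM, data access only",
    )
    print(req)
    # subscriber_id = create_subscriber(req, "us-east-1")   # rollup Region
    # enable_sqs_notification(subscriber_id, "us-east-1")
```

The request builder is deliberately separate from the API calls so it can run in CI against the grant you intend to make; only the two functions that import boto3 need credentials.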