CreateSubscriber
Creates a subscriber for accounts that are already enabled in Amazon Security Lake. You can create a subscriber with access to data in the current AWS Region.
Request Syntax
POST /v1/subscribers HTTP/1.1
Content-type: application/json
{
"accessTypes": [ "string
" ],
"sources": [
{ ... }
],
"subscriberDescription": "string
",
"subscriberIdentity": {
"externalId": "string
",
"principal": "string
"
},
"subscriberName": "string
",
"tags": [
{
"key": "string
",
"value": "string
"
}
]
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- accessTypes
-
The Amazon S3 or AWS Lake Formation access type.
Type: Array of strings
Valid Values:
LAKEFORMATION | S3
Required: No
- sources
-
The supported AWS services from which logs and events are collected. Security Lake supports log and event collection for natively supported AWS services.
Type: Array of LogSourceResource objects
Required: Yes
- subscriberDescription
-
The description for your subscriber account in Security Lake.
Type: String
Pattern:
^[\\\w\s\-_:/,.@=+]*$
Required: No
- subscriberIdentity
-
The AWS identity used to access your data.
Type: AwsIdentity object
Required: Yes
- subscriberName
-
The name of your Security Lake subscriber account.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 64.
Required: Yes
-
An array of objects, one for each tag to associate with the subscriber. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.
Type: Array of Tag objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Required: No
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"subscriber": {
"accessTypes": [ "string" ],
"createdAt": "string",
"resourceShareArn": "string",
"resourceShareName": "string",
"roleArn": "string",
"s3BucketArn": "string",
"sources": [
{ ... }
],
"subscriberArn": "string",
"subscriberDescription": "string",
"subscriberEndpoint": "string",
"subscriberId": "string",
"subscriberIdentity": {
"externalId": "string",
"principal": "string"
},
"subscriberName": "string",
"subscriberStatus": "string",
"updatedAt": "string"
}
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- subscriber
-
Retrieve information about the subscriber created using the
CreateSubscriber
API.Type: SubscriberResource object
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization request. An explicit denial occurs when a policy contains a Deny statement for the specific AWS action. An implicit denial occurs when there is no applicable Deny statement and also no applicable Allow statement.
HTTP Status Code: 403
- BadRequestException
-
The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
HTTP Status Code: 400
- ConflictException
-
Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
HTTP Status Code: 409
- InternalServerException
-
Internal service exceptions are sometimes caused by transient issues. Before you start troubleshooting, perform the operation again.
HTTP Status Code: 500
- ResourceNotFoundException
-
The resource could not be found.
HTTP Status Code: 404
- ThrottlingException
-
The limit on the number of requests per second was exceeded.
HTTP Status Code: 429
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: