SecurityLake / Client / create_aws_log_source

create_aws_log_source#

SecurityLake.Client.create_aws_log_source(**kwargs)#

Adds a natively supported Amazon Web Service as an Amazon Security Lake source. Enables source types for member accounts in required Amazon Web Services Regions, based on the parameters you specify. You can choose any source type in any Region for either accounts that are part of a trusted organization or standalone accounts. Once you add an Amazon Web Service as a source, Security Lake starts collecting logs and events from it,

You can use this API only to enable natively supported Amazon Web Services as a source. Use CreateCustomLogSource to enable data collection from a custom source.

See also: AWS API Documentation

Request Syntax

response = client.create_aws_log_source(
    sources=[
        {
            'accounts': [
                'string',
            ],
            'regions': [
                'string',
            ],
            'sourceName': 'ROUTE53'|'VPC_FLOW'|'SH_FINDINGS'|'CLOUD_TRAIL_MGMT'|'LAMBDA_EXECUTION'|'S3_DATA',
            'sourceVersion': 'string'
        },
    ]
)
Parameters:

sources (list) –

[REQUIRED]

Specify the natively-supported Amazon Web Services service to add as a source in Security Lake.

  • (dict) –

    The Security Lake logs source configuration file describes the information needed to generate Security Lake logs.

    • accounts (list) –

      Specify the Amazon Web Services account information where you want to enable Security Lake.

      • (string) –

    • regions (list) – [REQUIRED]

      Specify the Regions where you want to enable Security Lake.

      • (string) –

    • sourceName (string) – [REQUIRED]

      The name for a Amazon Web Services source. This must be a Regionally unique value.

    • sourceVersion (string) –

      The version for a Amazon Web Services source. This must be a Regionally unique value.

Return type:

dict

Returns:

Response Syntax

{
    'failed': [
        'string',
    ]
}

Response Structure

  • (dict) –

    • failed (list) –

      Lists all accounts in which enabling a natively supported Amazon Web Service as a Security Lake source failed. The failure occurred as these accounts are not part of an organization.

      • (string) –

Exceptions

  • SecurityLake.Client.exceptions.BadRequestException

  • SecurityLake.Client.exceptions.ResourceNotFoundException

  • SecurityLake.Client.exceptions.InternalServerException

  • SecurityLake.Client.exceptions.AccessDeniedException

  • SecurityLake.Client.exceptions.ConflictException

  • SecurityLake.Client.exceptions.ThrottlingException