create_datalake

create_datalake(**kwargs)

Initializes an Amazon Security Lake instance with the provided (or default) configuration. You can enable Security Lake in Amazon Web Services Regions with customized settings before enabling log collection in Regions. You can either use the enableAll parameter to specify all Regions or specify the Regions where you want to enable Security Lake. To specify particular Regions, use the Regions parameter and then configure these Regions using the configurations parameter. If you have already enabled Security Lake in a Region when you call this command, the command will update the Region if you provide new configuration parameters. If you have not already enabled Security Lake in the Region when you call this API, it will set up the data lake in the Region with the specified configurations.

When you enable Security Lake, it starts ingesting security data after the CreateAwsLogSource call. This includes ingesting security data from sources, storing data, and making data accessible to subscribers. Security Lake also enables all the existing settings and resources that it stores or maintains for your Amazon Web Services account in the current Region, including security log and event data. For more information, see the Amazon Security Lake User Guide.

See also: AWS API Documentation

Request Syntax

response = client.create_datalake(
    configurations={
        'string': {
            'encryptionKey': 'string',
            'replicationDestinationRegions': [
                'us-east-1'|'us-west-2'|'eu-central-1'|'us-east-2'|'eu-west-1'|'ap-northeast-1'|'ap-southeast-2',
            ],
            'replicationRoleArn': 'string',
            'retentionSettings': [
                {
                    'retentionPeriod': 123,
                    'storageClass': 'STANDARD_IA'|'ONEZONE_IA'|'INTELLIGENT_TIERING'|'GLACIER_IR'|'GLACIER'|'DEEP_ARCHIVE'|'EXPIRE'
                },
            ],
            'tagsMap': {
                'string': 'string'
            }
        }
    },
    enableAll=True|False,
    metaStoreManagerRoleArn='string',
    regions=[
        'us-east-1'|'us-west-2'|'eu-central-1'|'us-east-2'|'eu-west-1'|'ap-northeast-1'|'ap-southeast-2',
    ]
)
Parameters
  • configurations (dict) --

    Specify the Region or Regions that will contribute data to the rollup region.

    • (string) --
      • (dict) --

        Provides details of Amazon Security Lake configuration object.

        • encryptionKey (string) --

          The type of encryption key used by Amazon Security Lake to encrypt the Security Lake configuration object.

        • replicationDestinationRegions (list) --

          Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same Amazon Web Services account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different Amazon Web Services Regions or within the same Region as the source bucket.

          Set up one or more rollup Regions by providing the Region or Regions that should contribute to the central rollup Region.

          • (string) --
        • replicationRoleArn (string) --

          Replication settings for the Amazon S3 buckets. This parameter uses the Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct.

        • retentionSettings (list) --

          Retention settings for the destination Amazon S3 buckets.

          • (dict) --

            Retention settings for the destination Amazon S3 buckets in Amazon Security Lake.

            • retentionPeriod (integer) --

              The retention period specifies a fixed period of time during which the Security Lake object remains locked. You can specify the retention period in days for one or more sources.

            • storageClass (string) --

              The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.

        • tagsMap (dict) --

          A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key and an optional value, both of which you define.

          • (string) --
            • (string) --
  • enableAll (boolean) -- Enable Security Lake in all Regions.
  • metaStoreManagerRoleArn (string) -- The Amazon Resource Name (ARN) used to create and update the Glue table. This table contains partitions generated by the ingestion and normalization of Amazon Web Services log sources and custom sources.
  • regions (list) --

    Enable Security Lake in the specified Regions. To enable Security Lake in specific Amazon Web Services Regions, such as us-east-1 or ap-northeast-3, provide the Region codes. For a list of Region codes, see Amazon Security Lake endpoints in the Amazon Web Services General Reference.

    • (string) --
Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

Exceptions

  • SecurityLake.Client.exceptions.ServiceQuotaExceededException
  • SecurityLake.Client.exceptions.ConflictException
  • SecurityLake.Client.exceptions.InternalServerException
  • SecurityLake.Client.exceptions.ValidationException
  • SecurityLake.Client.exceptions.ThrottlingException
  • SecurityLake.Client.exceptions.AccessDeniedException
  • SecurityLake.Client.exceptions.ResourceNotFoundException