SecurityLake.Client.
create_subscriber
(**kwargs)¶Creates a subscription permission for accounts that are already enabled in Amazon Security Lake. You can create a subscriber with access to data in the current Amazon Web Services Region.
See also: AWS API Documentation
Request Syntax
response = client.create_subscriber(
accessTypes=[
'LAKEFORMATION'|'S3',
],
accountId='string',
externalId='string',
sourceTypes=[
{
'awsSourceType': 'ROUTE53'|'VPC_FLOW'|'CLOUD_TRAIL'|'SH_FINDINGS',
'customSourceType': 'string'
},
],
subscriberDescription='string',
subscriberName='string'
)
The Amazon S3 or Lake Formation access type.
[REQUIRED]
The Amazon Web Services account ID used to access your data.
[REQUIRED]
The external ID of the subscriber. This lets the user that is assuming the role assert the circumstances in which they are operating. It also provides a way for the account owner to permit the role to be assumed only under specific circumstances.
[REQUIRED]
The supported Amazon Web Services from which logs and events are collected. Security Lake supports log and event collection for natively supported Amazon Web Services.
The supported source types from which logs and events are collected in Amazon Security Lake. For the list of supported Amazon Web Services, see the Amazon Security Lake User Guide.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: awsSourceType
, customSourceType
.
Amazon Security Lake supports log and event collection for natively supported Amazon Web Services.
Amazon Security Lake supports custom source types. For a detailed list, see the Amazon Security Lake User Guide.
[REQUIRED]
The name of your Security Lake subscriber account.
dict
Response Syntax
{
'resourceShareArn': 'string',
'resourceShareName': 'string',
'roleArn': 'string',
's3BucketArn': 'string',
'snsArn': 'string',
'subscriptionId': 'string'
}
Response Structure
(dict) --
resourceShareArn (string) --
The Amazon Resource Name (ARN) which uniquely defines the AWS RAM resource share. Before accepting the RAM resource share invitation, you can view details related to the RAM resource share.
resourceShareName (string) --
The name of the resource share.
roleArn (string) --
The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see Amazon Security Lake User Guide.
s3BucketArn (string) --
The ARN for the Amazon S3 bucket.
snsArn (string) --
The ARN for the Amazon Simple Notification Service.
subscriptionId (string) --
The subscriptionId
created by the CreateSubscriber
API call.
Exceptions
SecurityLake.Client.exceptions.ConflictSubscriptionException
SecurityLake.Client.exceptions.InternalServerException
SecurityLake.Client.exceptions.ValidationException
SecurityLake.Client.exceptions.AccessDeniedException
SecurityLake.Client.exceptions.BucketNotFoundException
SecurityLake.Client.exceptions.ResourceNotFoundException
SecurityLake.Client.exceptions.AccountNotFoundException
SecurityLake.Client.exceptions.InvalidInputException