create_subscriber

SecurityLake.Client.create_subscriber(**kwargs)

Creates a subscription permission for accounts that are already enabled in Amazon Security Lake. You can create a subscriber with access to data in the current Amazon Web Services Region.

See also: AWS API Documentation

Request Syntax

response = client.create_subscriber(
    accessTypes=[
        'LAKEFORMATION'|'S3',
    ],
    accountId='string',
    externalId='string',
    sourceTypes=[
        {
            'awsSourceType': 'ROUTE53'|'VPC_FLOW'|'CLOUD_TRAIL'|'SH_FINDINGS',
            'customSourceType': 'string'
        },
    ],
    subscriberDescription='string',
    subscriberName='string'
)

Parameters

  • accessTypes (list) --

    The Amazon S3 or Lake Formation access type.

    • (string) --
  • accountId (string) --

    [REQUIRED]

    The Amazon Web Services account ID used to access your data.

  • externalId (string) --

    [REQUIRED]

    The external ID of the subscriber. This lets the user that is assuming the role assert the circumstances in which they are operating. It also provides a way for the account owner to permit the role to be assumed only under specific circumstances.

  • sourceTypes (list) --

    [REQUIRED]

    The supported Amazon Web Services services from which logs and events are collected. Security Lake supports log and event collection for natively supported Amazon Web Services services.

    • (dict) --

      The supported source types from which logs and events are collected in Amazon Security Lake. For the list of supported Amazon Web Services services, see the Amazon Security Lake User Guide.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: awsSourceType, customSourceType.

      • awsSourceType (string) --

        Amazon Security Lake supports log and event collection for natively supported Amazon Web Services services.

      • customSourceType (string) --

        Amazon Security Lake supports custom source types. For a detailed list, see the Amazon Security Lake User Guide.

  • subscriberDescription (string) -- The description for your subscriber account in Security Lake.
  • subscriberName (string) --

    [REQUIRED]

    The name of your Security Lake subscriber account.

Return type

dict

Returns

Response Syntax

{
    'resourceShareArn': 'string',
    'resourceShareName': 'string',
    'roleArn': 'string',
    's3BucketArn': 'string',
    'snsArn': 'string',
    'subscriptionId': 'string'
}

Response Structure

  • (dict) --

    • resourceShareArn (string) --

      The Amazon Resource Name (ARN) which uniquely defines the AWS RAM resource share. Before accepting the RAM resource share invitation, you can view details related to the RAM resource share.

    • resourceShareName (string) --

      The name of the resource share.

    • roleArn (string) --

      The Amazon Resource Name (ARN) created by you to provide to the subscriber. For more information about ARNs and how to use them in policies, see the Amazon Security Lake User Guide.

    • s3BucketArn (string) --

      The ARN for the Amazon S3 bucket.

    • snsArn (string) --

      The ARN for the Amazon Simple Notification Service.

    • subscriptionId (string) --

      The subscriptionId created by the CreateSubscriber API call.

Exceptions

  • SecurityLake.Client.exceptions.ConflictSubscriptionException
  • SecurityLake.Client.exceptions.InternalServerException
  • SecurityLake.Client.exceptions.ValidationException
  • SecurityLake.Client.exceptions.AccessDeniedException
  • SecurityLake.Client.exceptions.BucketNotFoundException
  • SecurityLake.Client.exceptions.ResourceNotFoundException
  • SecurityLake.Client.exceptions.AccountNotFoundException
  • SecurityLake.Client.exceptions.InvalidInputException
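
The following is an added example, not part of the boto3 documentation: it validates a create_subscriber request against the rules stated above (required parameters, the listed enum values, and the tagged-union rule for sourceTypes) before any API call is made. The names build_subscriber_request, create_subscriber (the wrapper) and SAMPLE are hypothetical, the 12-digit account ID check is an assumption about the ID format, and client is a boto3 'securitylake' client supplied by the caller.

```python
import re

# Allowed values as listed in the Request Syntax on this page.
ACCESS_TYPES = {"LAKEFORMATION", "S3"}
AWS_SOURCE_TYPES = {"ROUTE53", "VPC_FLOW", "CLOUD_TRAIL", "SH_FINDINGS"}
SOURCE_KEYS = {"awsSourceType", "customSourceType"}

def build_subscriber_request(account_id, external_id, subscriber_name,
                             source_types, access_types=None, description=None):
    """Return kwargs for create_subscriber; raise ValueError on invalid input."""
    # Assumption: an AWS account ID is exactly 12 decimal digits.
    if not re.fullmatch(r"[0-9]{12}", str(account_id)):
        raise ValueError("accountId must be a 12-digit account ID")
    if not external_id or not subscriber_name:
        raise ValueError("externalId and subscriberName are required")
    if not source_types:
        raise ValueError("sourceTypes is required and must not be empty")
    for src in source_types:
        # Tagged union: exactly one of the two top-level keys may be set.
        if len(src) != 1 or not set(src) <= SOURCE_KEYS:
            raise ValueError(f"set exactly one of {sorted(SOURCE_KEYS)}: {src!r}")
        (key, value), = src.items()
        if key == "awsSourceType" and value not in AWS_SOURCE_TYPES:
            raise ValueError(f"unknown awsSourceType: {value!r}")
        if not value:
            raise ValueError(f"{key} must not be empty")
    request = {
        "accountId": str(account_id),
        "externalId": external_id,
        "subscriberName": subscriber_name,
        "sourceTypes": [dict(s) for s in source_types],
    }
    if access_types is not None:
        bad = set(access_types) - ACCESS_TYPES
        if bad:
            raise ValueError(f"unknown accessTypes: {sorted(bad)}")
        request["accessTypes"] = list(access_types)
    if description:
        request["subscriberDescription"] = description
    return request

def create_subscriber(client, **fields):
    """Validate first, then call the API on the client passed in."""
    return client.create_subscriber(**build_subscriber_request(**fields))

# Constructed sample input (placeholder values, not real identifiers).
SAMPLE = build_subscriber_request(
    "123456789012", "example-external-id", "example-subscriber",
    [{"awsSourceType": "CLOUD_TRAIL"}, {"customSourceType": "example-custom"}], ["S3"])
```

Rejecting a malformed request locally keeps an over-broad or mistyped subscription from reaching the API, where the failure would surface only as ValidationException or InvalidInputException.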