# 使用 AWS CLI 的 Security Lake 示例
以下代码示例演示如何通过将 AWS Command Line Interface与 Security Lake 结合使用,来执行操作和实现常见场景。
*操作是大型程序的代码摘录*,必须在上下文中运行。您可以通过操作了解如何调用单个服务函数,还可以通过函数相关场景的上下文查看操作。
每个示例都包含一个指向完整源代码的链接,您可以从中找到有关如何在上下文中设置和运行代码的说明。
**Topics**
+ [操作](#actions)
## 操作
### `create-aws-log-source`
以下代码示例演示了如何使用 `create-aws-log-source`。
**AWS CLI**
**将原生支持的 Amazon Web Service 添加为 Amazon Security Lake 源**
以下 `create-aws-logsource` 示例在指定账户和区域中添加 VPC 流日志作为 Security Lake 源。
```
aws securitylake create-aws-log-source \
--sources '[{"regions": ["us-east-1"], "accounts": ["123456789012"], "sourceName": "SH_FINDINGS", "sourceVersion": "2.0"}]'
```
输出:
```
{
"failed": [
"123456789012"
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[添加 AWS 服务作为源](https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html#add-internal-sources)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [CreateAwsLogSource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/create-aws-log-source.html)。
### `create-custom-log-source`
以下代码示例演示了如何使用 `create-custom-log-source`。
**AWS CLI**
**将自定义源添加为 Amazon Security Lake 源**
以下 `create-custom-logsource` 示例在指定日志提供商账户和指定区域中添加自定义源作为 Security Lake 源。
```
aws securitylake create-custom-log-source \
--source-name "VPC_FLOW" \
--event-classes '["DNS_ACTIVITY", "NETWORK_ACTIVITY"]' \
--configuration '{"crawlerConfiguration": {"roleArn": "arn:aws:glue:eu-west-2:123456789012:crawler/E1WG1ZNPRXT0D4"},"providerIdentity": {"principal": "029189416600","externalId": "123456789012"}}' --region "us-east-1"
```
输出:
```
{
"customLogSource": {
"attributes": {
"crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/E1WG1ZNPRXT0D4",
"databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/E1WG1ZNPRXT0D4",
"tableArn": "arn:aws:glue:eu-west-2:123456789012:table/E1WG1ZNPRXT0D4"
},
"provider": {
"location": "amzn-s3-demo-bucket--usw2-az1--x-s3",
"roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-Provider-testCustom2-eu-west-2"
},
"sourceName": "testCustom2"
"sourceVersion": "2.0"
}
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[添加自定义源](https://docs.aws.amazon.com/security-lake/latest/userguide/custom-sources.html#adding-custom-sources)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [CreateCustomLogSource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/create-custom-log-source.html)。
### `create-data-lake-exception-subscription`
以下代码示例演示了如何使用 `create-data-lake-exception-subscription`。
**AWS CLI**
**发送 Security Lake 异常通知**
以下 `create-data-lake-exception-subscription` 示例通过短信向指定账户发送有关 Security Lake 异常的通知。异常消息将在指定时间段内保留。
```
aws securitylake create-data-lake-exception-subscription \
--notification-endpoint "123456789012" \
--exception-time-to-live 30 \
--subscription-protocol "sms"
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的 [Amazon Security Lake 故障排除](https://docs.aws.amazon.com/security-lake/latest/userguide/security-lake-troubleshoot.html#securitylake-data-lake-troubleshoot)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateDataLakeExceptionSubscription](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/create-data-lake-exception-subscription.html)。
### `create-data-lake-organization-configuration`
以下代码示例演示了如何使用 `create-data-lake-organization-configuration`。
**AWS CLI**
**在新组织账户中配置 Security Lake**
以下 `create-data-lake-organization-configuration` 示例启用 Security Lake 以及新组织账户中指定源事件和日志的收集。
```
aws securitylake create-data-lake-organization-configuration \
--auto-enable-new-account '[{"region":"us-east-1","sources":[{"sourceName":"SH_FINDINGS","sourceVersion": "1.0"}]}]'
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[使用 AWS Organizations 管理多个账户](https://docs.aws.amazon.com/security-lake/latest/userguide/multi-account-management.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateDataLakeOrganizationConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/create-data-lake-organization-configuration.html)。
### `create-data-lake`
以下代码示例演示了如何使用 `create-data-lake`。
**AWS CLI**
**示例 1:在多个区域配置数据湖**
以下 `create-data-lake` 示例在多个 AWS 区域启用 Amazon Security Lake 并配置您的数据湖。
```
aws securitylake create-data-lake \
--configurations '[{"encryptionConfiguration": {"kmsKeyId":"S3_MANAGED_KEY"},"region":"us-east-1","lifecycleConfiguration": {"expiration":{"days":365},"transitions":[{"days":60,"storageClass":"ONEZONE_IA"}]}}, {"encryptionConfiguration": {"kmsKeyId":"S3_MANAGED_KEY"},"region":"us-east-2","lifecycleConfiguration": {"expiration":{"days":365},"transitions":[{"days":60,"storageClass":"ONEZONE_IA"}]}}]' \
--meta-store-manager-role-arn "arn:aws:iam:us-east-1:123456789012:role/service-role/AmazonSecurityLakeMetaStoreManager"
```
输出:
```
{
"dataLakes": [
{
"createStatus": "COMPLETED",
"dataLakeArn": "arn:aws:securitylake:us-east-1:522481757177:data-lake/default",
"encryptionConfiguration": {
"kmsKeyId": "S3_MANAGED_KEY"
},
"lifecycleConfiguration": {
"expiration": {
"days": 365
},
"transitions": [
{
"days": 60,
"storageClass": "ONEZONE_IA"
}
]
},
"region": "us-east-1",
"replicationConfiguration": {
"regions": [
"ap-northeast-3"
],
"roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default"
},
"s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-1-gnevt6s8z7bzby8oi3uiaysbr8v2ml",
"updateStatus": {
"exception": {},
"requestId": "f20a6450-d24a-4f87-a6be-1d4c075a59c2",
"status": "INITIALIZED"
}
},
{
"createStatus": "COMPLETED",
"dataLakeArn": "arn:aws:securitylake:us-east-2:522481757177:data-lake/default",
"encryptionConfiguration": {
"kmsKeyId": "S3_MANAGED_KEY"
},
"lifecycleConfiguration": {
"expiration": {
"days": 365
},
"transitions": [
{
"days": 60,
"storageClass": "ONEZONE_IA"
}
]
},
"region": "us-east-2",
"replicationConfiguration": {
"regions": [
"ap-northeast-3"
],
"roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default"
},
"s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-2-cehuifzl5rwmhm6m62h7zhvtseogr9",
"updateStatus": {
"exception": {},
"requestId": "f20a6450-d24a-4f87-a6be-1d4c075a59c2",
"status": "INITIALIZED"
}
}
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的 [Amazon Security Lake 入门](https://docs.aws.amazon.com/security-lake/latest/userguide/getting-started.html)。
**示例 2:在单个区域配置数据湖**
以下 `create-data-lake` 示例在单个 AWS 区域启用 Amazon Security Lake 并配置您的数据湖。
```
aws securitylake create-data-lake \
--configurations '[{"encryptionConfiguration": {"kmsKeyId":"1234abcd-12ab-34cd-56ef-1234567890ab"},"region":"us-east-2","lifecycleConfiguration": {"expiration":{"days":500},"transitions":[{"days":30,"storageClass":"GLACIER"}]}}]' \
--meta-store-manager-role-arn "arn:aws:iam:us-east-1:123456789012:role/service-role/AmazonSecurityLakeMetaStoreManager"
```
输出:
```
{
"dataLakes": [
{
"createStatus": "COMPLETED",
"dataLakeArn": "arn:aws:securitylake:us-east-2:522481757177:data-lake/default",
"encryptionConfiguration": {
"kmsKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
},
"lifecycleConfiguration": {
"expiration": {
"days": 500
},
"transitions": [
{
"days": 30,
"storageClass": "GLACIER"
}
]
},
"region": "us-east-2",
"replicationConfiguration": {
"regions": [
"ap-northeast-3"
],
"roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default"
},
"s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-2-cehuifzl5rwmhm6m62h7zhvtseogr9",
"updateStatus": {
"exception": {},
"requestId": "77702a53-dcbf-493e-b8ef-518e362f3003",
"status": "INITIALIZED"
}
}
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的 [Amazon Security Lake 入门](https://docs.aws.amazon.com/security-lake/latest/userguide/getting-started.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateDataLake](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/create-data-lake.html)。
### `create-subscriber-notification`
以下代码示例演示了如何使用 `create-subscriber-notification`。
**AWS CLI**
**创建订阅用户通知**
以下 `create-subscriber-notification` 示例说明如何指定订阅用户通知,以便在向数据湖写入新数据时创建通知。
```
aws securitylake create-subscriber-notification \
--subscriber-id "12345ab8-1a34-1c34-1bd4-12345ab9012" \
--configuration '{"httpsNotificationConfiguration": {"targetRoleArn":"arn:aws:iam::XXX:role/service-role/RoleName", "endpoint":"https://account-management.$3.$2.securitylake.aws.dev/v1/datalake"}}'
```
输出:
```
{
"subscriberEndpoint": [
"https://account-management.$3.$2.securitylake.aws.dev/v1/datalake"
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[订阅用户管理](https://docs.aws.amazon.com/security-lake/latest/userguide/subscriber-management.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateSubscriberNotification](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/create-subscriber-notification.html)。
### `create-subscriber`
以下代码示例演示了如何使用 `create-subscriber`。
**AWS CLI**
**示例 1:创建具有数据访问权限的订阅用户**
以下 `create-subscriber` 示例在 Security Lake 中创建一个订阅用户,该订阅用户可以访问当前 AWS 区域中为 AWS 源指定的订阅用户身份数据。
```
aws securitylake create-subscriber \
--access-types "S3" \
--sources '[{"awsLogSource": {"sourceName": "VPC_FLOW","sourceVersion": "2.0"}}]' \
--subscriber-name 'opensearch-s3' \
--subscriber-identity '{"principal": "029189416600","externalId": "123456789012"}'
```
输出:
```
{
"subscriber": {
"accessTypes": [
"S3"
],
"createdAt": "2024-07-17T19:08:26.787000+00:00",
"roleArn": "arn:aws:iam::773172568199:role/AmazonSecurityLake-896f218b-cfba-40be-a255-8b49a65d0407",
"s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-1-um632ufwpvxkyz0bc5hkb64atycnf3",
"sources": [
{
"awsLogSource": {
"sourceName": "VPC_FLOW",
"sourceVersion": "2.0"
}
}
],
"subscriberArn": "arn:aws:securitylake:us-east-1:773172568199:subscriber/896f218b-cfba-40be-a255-8b49a65d0407",
"subscriberId": "896f218b-cfba-40be-a255-8b49a65d0407",
"subscriberIdentity": {
"externalId": "123456789012",
"principal": "029189416600"
},
"subscriberName": "opensearch-s3",
"subscriberStatus": "ACTIVE",
"updatedAt": "2024-07-17T19:08:27.133000+00:00"
}
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[创建具有数据访问权限的订阅用户](https://docs.aws.amazon.com/security-lake/latest/userguide/subscriber-data-access.html#create-subscriber-data-access)。
**示例 2:创建具有查询访问权限的订阅用户**
以下 `create-subscriber` 示例在 Security Lake 中为指定的订阅用户身份创建一个在当前 AWS 区域具有查询访问权限的订阅用户。
```
aws securitylake create-subscriber \
--access-types "LAKEFORMATION" \
--sources '[{"awsLogSource": {"sourceName": "VPC_FLOW","sourceVersion": "2.0"}}]' \
--subscriber-name 'opensearch-s3' \
--subscriber-identity '{"principal": "029189416600","externalId": "123456789012"}'
```
输出:
```
{
"subscriber": {
"accessTypes": [
"LAKEFORMATION"
],
"createdAt": "2024-07-18T01:05:55.853000+00:00",
"resourceShareArn": "arn:aws:ram:us-east-1:123456789012:resource-share/8c31da49-c224-4f1e-bb12-37ab756d6d8a",
"resourceShareName": "LakeFormation-V2-NAMENAMENA-123456789012",
"sources": [
{
"awsLogSource": {
"sourceName": "VPC_FLOW",
"sourceVersion": "2.0"
}
}
],
"subscriberArn": "arn:aws:securitylake:us-east-1:123456789012:subscriber/e762aabb-ce3d-4585-beab-63474597845d",
"subscriberId": "e762aabb-ce3d-4585-beab-63474597845d",
"subscriberIdentity": {
"externalId": "123456789012",
"principal": "029189416600"
},
"subscriberName": "opensearch-s3",
"subscriberStatus": "ACTIVE",
"updatedAt": "2024-07-18T01:05:58.393000+00:00"
}
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[创建具有查询访问权限的订阅用户](https://docs.aws.amazon.com/security-lake/latest/userguide/subscriber-query-access.html#create-query-subscriber-procedures)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateSubscriber](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/create-subscriber.html)。
### `delete-aws-log-source`
以下代码示例演示了如何使用 `delete-aws-log-source`。
**AWS CLI**
**移除原生支持的 AWS 服务**
以下 `delete-aws-logsource` 示例在指定账户和区域中删除 VPC 流日志作为 Security Lake 源。
```
aws securitylake delete-aws-log-source \
--sources '[{"regions": ["us-east-1"], "accounts": ["123456789012"], "sourceName": "SH_FINDINGS", "sourceVersion": "2.0"}]'
```
输出:
```
{
"failed": [
"123456789012"
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[移除 AWS 服务作为源](https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html#remove-internal-sources)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DeleteAwsLogSource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/delete-aws-log-source.html)。
### `delete-custom-log-source`
以下代码示例演示了如何使用 `delete-custom-log-source`。
**AWS CLI**
**移除自定义源**
以下 `delete-custom-logsource` 示例在指定日志提供商账户和指定区域中删除自定义源。
```
aws securitylake delete-custom-log-source \
--source-name "CustomSourceName"
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[删除自定义源](https://docs.aws.amazon.com/security-lake/latest/userguide/custom-sources.html#delete-custom-source)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DeleteCustomLogSource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/delete-custom-log-source.html)。
### `delete-data-lake-organization-configuration`
以下代码示例演示了如何使用 `delete-data-lake-organization-configuration`。
**AWS CLI**
**停止在成员账户中自动收集源**
以下 `delete-data-lake-organization-configuration` 示例停止从加入组织的新成员账户中自动收集 AWS Security Hub 调查发现。只有委托的 Security Lake 管理员才能运行此命令。它可以防止新成员账户自动向数据湖提供数据。
```
aws securitylake delete-data-lake-organization-configuration \
--auto-enable-new-account '[{"region":"us-east-1","sources":[{"sourceName":"SH_FINDINGS"}]}]'
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[使用 AWS Organizations 管理多个账户](https://docs.aws.amazon.com/securityhub/latest/userguide/multi-account-management.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteDataLakeOrganizationConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/delete-data-lake-organization-configuration.html)。
### `delete-data-lake`
以下代码示例演示了如何使用 `delete-data-lake`。
**AWS CLI**
**禁用您的数据湖**
以下 `delete-data-lake` 示例在指定 AWS 区域禁用您的数据湖。在指定的区域中,源不再向数据湖提供数据。对于利用 AWS Organizations 的 Security Lake 部署,只有该组织的委托 Security Lake 管理员才能为组织中的账户禁用 Security Lake。
```
aws securitylake delete-data-lake \
--regions "ap-northeast-1" "eu-central-1"
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[禁用 Amazon Security Lake](https://docs.aws.amazon.com/securityhub/latest/userguide/disable-security-lake.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteDataLake](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/delete-data-lake.html)。
### `delete-subscriber-notification`
以下代码示例演示了如何使用 `delete-subscriber-notification`。
**AWS CLI**
**删除订阅用户通知**
以下 `delete-subscriber-notification` 示例说明如何删除特定 Security Lake 订阅用户的订阅用户通知。
```
aws securitylake delete-subscriber-notification \
--subscriber-id "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[订阅用户管理](https://docs.aws.amazon.com/security-lake/latest/userguide/subscriber-management.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteSubscriberNotification](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/delete-subscriber-notification.html)。
### `delete-subscriber`
以下代码示例演示了如何使用 `delete-subscriber`。
**AWS CLI**
**删除订阅用户**
以下 `delete-subscriber` 示例说明如果您不再希望某个订阅用户访问 Security Lake 中的数据,如何移除该订阅用户。
```
aws securitylake delete-subscriber \
--subscriber-id "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[订阅用户管理](https://docs.aws.amazon.com/security-lake/latest/userguide/subscriber-management.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteSubscriber](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/delete-subscriber.html)。
### `get-data-lake-exception-subscription`
以下代码示例演示了如何使用 `get-data-lake-exception-subscription`。
**AWS CLI**
**获取有关异常订阅的详细信息**
以下 `get-data-lake-exception-subscription` 示例提供有关 Security Lake 异常订阅的详细信息。在此示例中,指定 AWS 账户的用户会通过短信收到错误通知。异常消息将在指定时间段内保留在账户中。异常订阅会通过请求者的首选协议向 Security Lake 用户通报错误。
```
aws securitylake get-data-lake-exception-subscription
```
输出:
```
{
"exceptionTimeToLive": 30,
"notificationEndpoint": "123456789012",
"subscriptionProtocol": "sms"
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[数据湖状态故障排除](https://docs.aws.amazon.com/securityhub/latest/userguide/security-lake-troubleshoot.html#securitylake-data-lake-troubleshoot)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetDataLakeExceptionSubscription](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/get-data-lake-exception-subscription.html)。
### `get-data-lake-organization-configuration`
以下代码示例演示了如何使用 `get-data-lake-organization-configuration`。
**AWS CLI**
**获取有关新组织账户配置的详细信息**
以下 `get-data-lake-organization-configuration` 示例检索有关新组织账户在加入 Amazon Security Lake 后将发送的源日志的详细信息。
```
aws securitylake get-data-lake-organization-configuration
```
输出:
```
{
"autoEnableNewAccount": [
{
"region": "us-east-1",
"sources": [
{
"sourceName": "VPC_FLOW",
"sourceVersion": "1.0"
},
{
"sourceName": "ROUTE53",
"sourceVersion": "1.0"
},
{
"sourceName": "SH_FINDINGS",
"sourceVersion": "1.0"
}
]
}
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[使用 AWS Organizations 管理多个账户](https://docs.aws.amazon.com/security-lake/latest/userguide/multi-account-management.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetDataLakeOrganizationConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/get-data-lake-organization-configuration.html)。
### `get-data-lake-sources`
以下代码示例演示了如何使用 `get-data-lake-sources`。
**AWS CLI**
**获取日志收集的状态**
以下 `get-data-lake-sources` 示例获取当前 AWS 区域中指定账户的日志收集快照。该账户已启用 Amazon Security Lake。
```
aws securitylake get-data-lake-sources \
--accounts "123456789012"
```
输出:
```
{
"dataLakeSources": [
{
"account": "123456789012",
"sourceName": "SH_FINDINGS",
"sourceStatuses": [
{
"resource": "vpc-1234567890abcdef0",
"status": "COLLECTING"
}
]
},
{
"account": "123456789012",
"sourceName": "VPC_FLOW",
"sourceStatuses": [
{
"resource": "vpc-1234567890abcdef0",
"status": "NOT_COLLECTING"
}
]
},
{
"account": "123456789012",
"sourceName": "LAMBDA_EXECUTION",
"sourceStatuses": [
{
"resource": "vpc-1234567890abcdef0",
"status": "COLLECTING"
}
]
},
{
"account": "123456789012",
"sourceName": "ROUTE53",
"sourceStatuses": [
{
"resource": "vpc-1234567890abcdef0",
"status": "COLLECTING"
}
]
},
{
"account": "123456789012",
"sourceName": "CLOUD_TRAIL_MGMT",
"sourceStatuses": [
{
"resource": "vpc-1234567890abcdef0",
"status": "COLLECTING"
}
]
}
],
"dataLakeArn": null
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[从 AWS 服务收集数据](https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetDataLakeSources](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/get-data-lake-sources.html)。
### `get-subscriber`
以下代码示例演示了如何使用 `get-subscriber`。
**AWS CLI**
**检索订阅信息**
以下 `get-subscriber` 示例检索指定的 Security Lake 订阅用户的订阅信息。
```
aws securitylake get-subscriber \
--subscriber-id a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
```
输出:
```
{
"subscriber": {
"accessTypes": [
"LAKEFORMATION"
],
"createdAt": "2024-04-19T15:19:44.421803+00:00",
"resourceShareArn": "arn:aws:ram:eu-west-2:123456789012:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"resourceShareName": "LakeFormation-V3-TKJGBHCKTZ-123456789012",
"sources": [
{
"awsLogSource": {
"sourceName": "LAMBDA_EXECUTION",
"sourceVersion": "1.0"
}
},
{
"awsLogSource": {
"sourceName": "EKS_AUDIT",
"sourceVersion": "2.0"
}
},
{
"awsLogSource": {
"sourceName": "ROUTE53",
"sourceVersion": "1.0"
}
},
{
"awsLogSource": {
"sourceName": "SH_FINDINGS",
"sourceVersion": "1.0"
}
},
{
"awsLogSource": {
"sourceName": "VPC_FLOW",
"sourceVersion": "1.0"
}
},
{
"customLogSource": {
"attributes": {
"crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/testCustom2",
"databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/amazon_security_lake_glue_db_eu_west_2",
"tableArn": "arn:aws:glue:eu-west-2:123456789012:table/amazon_security_lake_table_eu_west_2_ext_testcustom2"
},
"provider": {
"location": "s3://aws-security-data-lake-eu-west-2-8ugsus4ztnsfpjbldwbgf4vge98av9/ext/testCustom2/",
"roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-Provider-testCustom2-eu-west-2"
},
"sourceName": "testCustom2"
}
},
{
"customLogSource": {
"attributes": {
"crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/TestCustom",
"databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/amazon_security_lake_glue_db_eu_west_2",
"tableArn": "arn:aws:glue:eu-west-2:123456789012:table/amazon_security_lake_table_eu_west_2_ext_testcustom"
},
"provider": {
"location": "s3://aws-security-data-lake-eu-west-2-8ugsus4ztnsfpjbldwbgf4vge98av9/ext/TestCustom/",
"roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-Provider-TestCustom-eu-west-2"
},
"sourceName": "TestCustom"
}
}
],
"subscriberArn": "arn:aws:securitylake:eu-west-2:123456789012:subscriber/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"subscriberId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"subscriberIdentity": {
"externalId": "123456789012",
"principal": "123456789012"
},
"subscriberName": "test",
"subscriberStatus": "ACTIVE",
"updatedAt": "2024-04-19T15:19:55.230588+00:00"
}
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[订阅用户管理](https://docs.aws.amazon.com/security-lake/latest/userguide/subscriber-management.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetSubscriber](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/get-subscriber.html)。
### `list-data-lake-exceptions`
以下代码示例演示了如何使用 `list-data-lake-exceptions`。
**AWS CLI**
**列出影响您数据湖的问题**
以下 `list-data-lake-exceptions` 示例列出在过去 14 天内在指定 AWS 区域中影响您数据湖的问题。
```
aws securitylake list-data-lake-exceptions \
--regions "us-east-1" "eu-west-3"
```
输出:
```
{
"exceptions": [
{
"exception": "The account does not have the required role permissions. Update your role permissions to use the new data source version.",
"region": "us-east-1",
"timestamp": "2024-02-29T12:24:15.641725+00:00"
},
{
"exception": "The account does not have the required role permissions. Update your role permissions to use the new data source version.",
"region": "eu-west-3",
"timestamp": "2024-02-29T12:24:15.641725+00:00"
}
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的 [Amazon Security Lake 故障排除](https://docs.aws.amazon.com/security-lake/latest/userguide/security-lake-troubleshoot.html#securitylake-data-lake-troubleshoot)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListDataLakeExceptions](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/list-data-lake-exceptions.html)。
### `list-data-lakes`
以下代码示例演示了如何使用 `list-data-lakes`。
**AWS CLI**
**列出 Security Lake 配置对象**
以下 `list-data-lakes` 示例列出指定 AWS 区域的 Amazon Security Lake 配置对象。您可以使用此命令来确定是否在指定区域中启用了 Security Lake。
```
aws securitylake list-data-lakes \
--regions "us-east-1"
```
输出:
```
{
"dataLakes": [
{
"createStatus": "COMPLETED",
"dataLakeArn": "arn:aws:securitylake:us-east-1:123456789012:data-lake/default",
"encryptionConfiguration": {
"kmsKeyId": "S3_MANAGED_KEY"
},
"lifecycleConfiguration": {
"expiration": {
"days": 365
},
"transitions": [
{
"days": 60,
"storageClass": "ONEZONE_IA"
}
]
},
"region": "us-east-1",
"replicationConfiguration": {
"regions": [
"ap-northeast-3"
],
"roleArn": "arn:aws:securitylake:ap-northeast-3:123456789012:data-lake/default"
},
"s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-1-1234567890abcdef0",
"updateStatus": {
"exception": {
"code": "software.amazon.awssdk.services.s3.model.S3Exception",
"reason": ""
},
"requestId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"status": "FAILED"
}
}
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[检查区域状态](https://docs.aws.amazon.com/security-lake/latest/userguide/manage-regions.html#check-region-status)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListDataLakes](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/list-data-lakes.html)。
### `list-log-sources`
以下代码示例演示了如何使用 `list-log-sources`。
**AWS CLI**
**检索 Amazon Security Lake 日志源**
以下 `list-log-sources` 示例列出指定账户中的 Amazon Security Lake 日志源。
```
aws securitylake list-log-sources \
--accounts "123456789012"
```
输出:
```
{
"account": "123456789012",
"region": "xy-region-1",
"sources": [
{
"awsLogSource": {
"sourceName": "VPC_FLOW",
"sourceVersion": "2.0"
}
},
{
"awsLogSource": {
"sourceName": "SH_FINDINGS",
"sourceVersion": "2.0"
}
}
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[源管理](https://docs.aws.amazon.com/security-lake/latest/userguide/source-management.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListLogSources](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/list-log-sources.html)。
### `list-subscribers`
以下代码示例演示了如何使用 `list-subscribers`。
**AWS CLI**
**检索 Amazon Security Lake 订阅用户**
以下 `list-subscribers` 示例列出指定账户中的所有 Amazon Security Lake 订阅用户。
```
aws securitylake list-subscribers
```
输出:
```
{
"subscribers": [
{
"accessTypes": [
"S3"
],
"createdAt": "2024-06-04T15:02:28.921000+00:00",
"roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-E1WG1ZNPRXT0D4",
"s3BucketArn": "amzn-s3-demo-bucket--usw2-az1--x-s3",
"sources": [
{
"awsLogSource": {
"sourceName": "CLOUD_TRAIL_MGMT",
"sourceVersion": "2.0"
}
},
{
"awsLogSource": {
"sourceName": "LAMBDA_EXECUTION",
"sourceVersion": "1.0"
}
},
{
"customLogSource": {
"attributes": {
"crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/E1WG1ZNPRXT0D4",
"databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/E1WG1ZNPRXT0D4",
"tableArn": "arn:aws:glue:eu-west-2:123456789012:table/E1WG1ZNPRXT0D4"
},
"provider": {
"location": "amzn-s3-demo-bucket--usw2-az1--x-s3",
"roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-E1WG1ZNPRXT0D4"
},
"sourceName": "testCustom2"
}
}
],
"subscriberArn": "arn:aws:securitylake:eu-west-2:123456789012:subscriber/E1WG1ZNPRXT0D4",
"subscriberEndpoint": "arn:aws:sqs:eu-west-2:123456789012:AmazonSecurityLake-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111-Main-Queue",
"subscriberId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"subscriberIdentity": {
"externalId": "ext123456789012",
"principal": "123456789012"
},
"subscriberName": "Test",
"subscriberStatus": "ACTIVE",
"updatedAt": "2024-06-04T15:02:35.617000+00:00"
}
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[订阅用户管理](https://docs.aws.amazon.com/security-lake/latest/userguide/subscriber-management.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListSubscribers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/list-subscribers.html)。
### `list-tags-for-resource`
以下代码示例演示了如何使用 `list-tags-for-resource`。
**AWS CLI**
**列出现有资源的标签**
以下 `list-tags-for-resource` 示例列出指定 Amazon Security Lake 订阅用户的标签。在此示例中,“Owner”标签键没有关联的标签值。您也可以使用此操作列出其他现有 Security Lake 资源的标签。
```
aws securitylake list-tags-for-resource \
--resource-arn "arn:aws:securitylake:us-east-1:123456789012:subscriber/1234abcd-12ab-34cd-56ef-1234567890ab"
```
输出:
```
{
"tags": [
{
"key": "Environment",
"value": "Cloud"
},
{
"key": "CostCenter",
"value": "12345"
},
{
"key": "Owner",
"value": ""
}
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[标记 Amazon Security Lake 资源](https://docs.aws.amazon.com/security-lake/latest/userguide/tagging-resources.html#tags-retrieve)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListTagsForResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/list-tags-for-resource.html)。
### `register-data-lake-delegated-administrator`
以下代码示例演示了如何使用 `register-data-lake-delegated-administrator`。
**AWS CLI**
**指定委托的管理员**
以下 `register-data-lake-delegated-administrator` 示例会将指定 AWS 账户指定为委托的 Amazon Security Lake 管理员。
```
aws securitylake register-data-lake-delegated-administrator \
--account-id 123456789012
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[使用 AWS Organizations 管理多个账户](https://docs.aws.amazon.com/security-lake/latest/userguide/multi-account-management.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [RegisterDataLakeDelegatedAdministrator](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/register-data-lake-delegated-administrator.html)。
### `tag-resource`
以下代码示例演示了如何使用 `tag-resource`。
**AWS CLI**
**向现有资源添加标签**
以下 `tag-resource` 示例向现有订阅用户资源添加标签。要创建新资源并为其添加一个或多个标签,请不要使用此操作。相反,请针对要创建的资源类型使用相应的“Create”操作。
```
aws securitylake tag-resource \
--resource-arn "arn:aws:securitylake:us-east-1:123456789012:subscriber/1234abcd-12ab-34cd-56ef-1234567890ab" \
--tags key=Environment,value=Cloud
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[标记 Amazon Security Lake 资源](https://docs.aws.amazon.com/security-lake/latest/userguide/tagging-resources.html#tags-retrieve)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [TagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/tag-resource.html)。
### `untag-resource`
以下代码示例演示了如何使用 `untag-resource`。
**AWS CLI**
**从现有资源中移除标签**
以下 `untag-resource` 示例从现有订阅用户资源中移除指定标签。
```
aws securitylake untag-resource \
--resource-arn "arn:aws:securitylake:us-east-1:123456789012:subscriber/1234abcd-12ab-34cd-56ef-1234567890ab" \
--tags Environment Owner
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[标记 Amazon Security Lake 资源](https://docs.aws.amazon.com/security-lake/latest/userguide/tagging-resources.html#tags-retrieve)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UntagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/untag-resource.html)。
### `update-data-lake-exception-subscription`
以下代码示例演示了如何使用 `update-data-lake-exception-subscription`。
**AWS CLI**
**更新 Security Lake 异常的通知订阅**
以下 `update-data-lake-exception-subscription` 示例更新通知用户 Security Lake 异常的通知订阅。
```
aws securitylake update-data-lake-exception-subscription \
--notification-endpoint "123456789012" \
--exception-time-to-live 30 \
--subscription-protocol "email"
```
此命令不生成任何输出。
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的 [Amazon Security Lake 故障排除](https://docs.aws.amazon.com/security-lake/latest/userguide/security-lake-troubleshoot.html#securitylake-data-lake-troubleshoot)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateDataLakeExceptionSubscription](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/update-data-lake-exception-subscription.html)。
### `update-data-lake`
以下代码示例演示了如何使用 `update-data-lake`。
**AWS CLI**
**示例 1:更新您的数据湖设置**
以下 `update-data-lake` 示例更新您的 Amazon Security Lake 数据湖的设置。您可以使用此操作来指定数据加密、存储和汇总区域设置。
```
aws securitylake update-data-lake \
--configurations '[{"encryptionConfiguration": {"kmsKeyId":"S3_MANAGED_KEY"},"region":"us-east-1","lifecycleConfiguration": {"expiration":{"days":365},"transitions":[{"days":60,"storageClass":"ONEZONE_IA"}]}}, {"encryptionConfiguration": {"kmsKeyId":"S3_MANAGED_KEY"},"region":"us-east-2","lifecycleConfiguration": {"expiration":{"days":365},"transitions":[{"days":60,"storageClass":"ONEZONE_IA"}]}}]' \
--meta-store-manager-role-arn "arn:aws:iam:us-east-1:123456789012:role/service-role/AmazonSecurityLakeMetaStoreManager"
```
输出:
```
{
"dataLakes": [
{
"createStatus": "COMPLETED",
"dataLakeArn": "arn:aws:securitylake:us-east-1:522481757177:data-lake/default",
"encryptionConfiguration": {
"kmsKeyId": "S3_MANAGED_KEY"
},
"lifecycleConfiguration": {
"expiration": {
"days": 365
},
"transitions": [
{
"days": 60,
"storageClass": "ONEZONE_IA"
}
]
},
"region": "us-east-1",
"replicationConfiguration": {
"regions": [
"ap-northeast-3"
],
"roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default"
},
"s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-1-gnevt6s8z7bzby8oi3uiaysbr8v2ml",
"updateStatus": {
"exception": {},
"requestId": "f20a6450-d24a-4f87-a6be-1d4c075a59c2",
"status": "INITIALIZED"
}
},
{
"createStatus": "COMPLETED",
"dataLakeArn": "arn:aws:securitylake:us-east-2:522481757177:data-lake/default",
"encryptionConfiguration": {
"kmsKeyId": "S3_MANAGED_KEY"
},
"lifecycleConfiguration": {
"expiration": {
"days": 365
},
"transitions": [
{
"days": 60,
"storageClass": "ONEZONE_IA"
}
]
},
"region": "us-east-2",
"replicationConfiguration": {
"regions": [
"ap-northeast-3"
],
"roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default"
},
"s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-2-cehuifzl5rwmhm6m62h7zhvtseogr9",
"updateStatus": {
"exception": {},
"requestId": "f20a6450-d24a-4f87-a6be-1d4c075a59c2",
"status": "INITIALIZED"
}
}
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的 [Amazon Security Lake 入门](https://docs.aws.amazon.com/security-lake/latest/userguide/getting-started.html)。
**示例 2:在单个区域配置数据湖**
以下 `create-data-lake` 示例在单个 AWS 区域启用 Amazon Security Lake 并配置您的数据湖。
```
aws securitylake create-data-lake \
--configurations '[{"encryptionConfiguration": {"kmsKeyId":"1234abcd-12ab-34cd-56ef-1234567890ab"},"region":"us-east-2","lifecycleConfiguration": {"expiration":{"days":500},"transitions":[{"days":30,"storageClass":"GLACIER"}]}}]' \
--meta-store-manager-role-arn "arn:aws:iam:us-east-1:123456789012:role/service-role/AmazonSecurityLakeMetaStoreManager"
```
输出:
```
{
"dataLakes": [
{
"createStatus": "COMPLETED",
"dataLakeArn": "arn:aws:securitylake:us-east-2:522481757177:data-lake/default",
"encryptionConfiguration": {
"kmsKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
},
"lifecycleConfiguration": {
"expiration": {
"days": 500
},
"transitions": [
{
"days": 30,
"storageClass": "GLACIER"
}
]
},
"region": "us-east-2",
"replicationConfiguration": {
"regions": [
"ap-northeast-3"
],
"roleArn": "arn:aws:securitylake:ap-northeast-3:522481757177:data-lake/default"
},
"s3BucketArn": "arn:aws:s3:::aws-security-data-lake-us-east-2-cehuifzl5rwmhm6m62h7zhvtseogr9",
"updateStatus": {
"exception": {},
"requestId": "77702a53-dcbf-493e-b8ef-518e362f3003",
"status": "INITIALIZED"
}
}
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的 [Amazon Security Lake 入门](https://docs.aws.amazon.com/security-lake/latest/userguide/getting-started.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateDataLake](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/update-data-lake.html)。
### `update-subscriber-notification`
以下代码示例演示了如何使用 `update-subscriber-notification`。
**AWS CLI**
**更新订阅用户通知**
以下 `update-subscriber-notification` 示例说明如何更新订阅用户的通知。
```
aws securitylake update-subscriber-notification \
--subscriber-id "12345ab8-1a34-1c34-1bd4-12345ab9012" \
--configuration '{"httpsNotificationConfiguration": {"targetRoleArn":"arn:aws:iam::XXX:role/service-role/RoleName", "endpoint":"https://account-management.$3.$2.securitylake.aws.dev/v1/datalake"}}'
```
输出:
```
{
"subscriberEndpoint": [
"https://account-management.$3.$2.securitylake.aws.dev/v1/datalake"
]
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[订阅用户管理](https://docs.aws.amazon.com/security-lake/latest/userguide/subscriber-management.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateSubscriberNotification](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/update-subscriber-notification.html)。
### `update-subscriber`
以下代码示例演示了如何使用 `update-subscriber`。
**AWS CLI**
**更新 Amazon Security Lake 订阅用户**
以下 `update-subscriber` 示例更新特定 Security Lake 订阅用户的安全湖数据访问源。
```
aws securitylake update-subscriber \
--subscriber-id a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
```
输出:
```
{
"subscriber": {
"accessTypes": [
"LAKEFORMATION"
],
"createdAt": "2024-04-19T15:19:44.421803+00:00",
"resourceShareArn": "arn:aws:ram:eu-west-2:123456789012:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"resourceShareName": "LakeFormation-V3-TKJGBHCKTZ-123456789012",
"sources": [
{
"awsLogSource": {
"sourceName": "LAMBDA_EXECUTION",
"sourceVersion": "1.0"
}
},
{
"awsLogSource": {
"sourceName": "EKS_AUDIT",
"sourceVersion": "2.0"
}
},
{
"awsLogSource": {
"sourceName": "ROUTE53",
"sourceVersion": "1.0"
}
},
{
"awsLogSource": {
"sourceName": "SH_FINDINGS",
"sourceVersion": "1.0"
}
},
{
"awsLogSource": {
"sourceName": "VPC_FLOW",
"sourceVersion": "1.0"
}
},
{
"customLogSource": {
"attributes": {
"crawlerArn": "arn:aws:glue:eu-west-2:123456789012:crawler/E1WG1ZNPRXT0D4",
"databaseArn": "arn:aws:glue:eu-west-2:123456789012:database/E1WG1ZNPRXT0D4",
"tableArn": "arn:aws:glue:eu-west-2:123456789012:table/E1WG1ZNPRXT0D4"
},
"provider": {
"location": "amzn-s3-demo-bucket--usw2-az1--x-s3",
"roleArn": "arn:aws:iam::123456789012:role/AmazonSecurityLake-E1WG1ZNPRXT0D4"
},
"sourceName": "testCustom2"
}
}
],
"subscriberArn": "arn:aws:securitylake:eu-west-2:123456789012:subscriber/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"subscriberId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"subscriberIdentity": {
"externalId": "123456789012",
"principal": "123456789012"
},
"subscriberName": "test",
"subscriberStatus": "ACTIVE",
"updatedAt": "2024-07-18T20:47:37.098000+00:00"
}
}
```
有关更多信息,请参阅《Amazon Security Lake 用户指南》**中的[订阅用户管理](https://docs.aws.amazon.com/security-lake/latest/userguide/subscriber-management.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateSubscriber](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/securitylake/update-subscriber.html)。