AWS Security ChangesHomeSearch

AWS security-lake documentation change

Service: security-lake · 2025-04-28 · Documentation low

File: security-lake/latest/userguide/multi-account-management.md

Summary

Added guidance for existing accounts to enable new resource management SLR and updated delegated administrator instructions

Security assessment

Provides updated guidance for adopting a new service-linked role to improve monitoring capabilities, but no evidence of addressing a security vulnerability.

Diff

diff --git a/security-lake/latest/userguide/multi-account-management.md b/security-lake/latest/userguide/multi-account-management.md
index a92f39947..830c650d9 100644
--- a//security-lake/latest/userguide/multi-account-management.md
+++ b//security-lake/latest/userguide/multi-account-management.md
@@ -21 +21 @@ To enable Security Lake for multiple accounts in an organization, the organizati
-Use Security Lake's [RegisterDataLakeDelegatedAdministrator](https://docs.aws.amazon.com/security-lake/latest/APIReference/API_RegisterDataLakeDelegatedAdministrator.html) API to allow Security Lake access to your Organization and register Organizations's delegated administrator.
+Use Security Lake's [RegisterDataLakeDelegatedAdministrator](https://docs.aws.amazon.com/security-lake/latest/APIReference/API_RegisterDataLakeDelegatedAdministrator.html) API to allow Security Lake access to your organization and register Organizations's delegated administrator.
@@ -26,0 +27,6 @@ For information about setting up Organizations, see [Creating and managing an or
+###### For existing Security Lake accounts
+
+If you enabled Security Lake before April 17, 2025, we recommend you to enable the [Service-linked role (SLR) permissions for resource management](./AWSServiceRoleForSecurityLakeResourceManagement.html). By using this SLR, you can continue to perform ongoing monitoring and performance improvements, that can potentially reduce latency and costs. For information about the permissions associated with this SLR, see [Service-linked role (SLR) permissions for resource management](./AWSServiceRoleForSecurityLakeResourceManagement.html).
+
+If you use Security Lake console, you will receive a notification prompting you to enable the AWSServiceRoleForSecurityLakeResourceManagement. If you use AWS CLI, see [Creating the Security Lake service-linked role](https://docs.aws.amazon.com/security-lake/latest/userguide/AWSServiceRoleForSecurityLakeResourceManagement.html#create-slr).
+