AWS security-lake documentation change
Summary
Added guidance for existing accounts to enable new resource management SLR and updated delegated administrator instructions
Security assessment
Provides updated guidance for adopting a new service-linked role to improve monitoring capabilities, but no evidence of addressing a security vulnerability.
Diff
diff --git a/security-lake/latest/userguide/multi-account-management.md b/security-lake/latest/userguide/multi-account-management.md index a92f39947..830c650d9 100644 --- a//security-lake/latest/userguide/multi-account-management.md +++ b//security-lake/latest/userguide/multi-account-management.md @@ -21 +21 @@ To enable Security Lake for multiple accounts in an organization, the organizati -Use Security Lake's [RegisterDataLakeDelegatedAdministrator](https://docs.aws.amazon.com/security-lake/latest/APIReference/API_RegisterDataLakeDelegatedAdministrator.html) API to allow Security Lake access to your Organization and register Organizations's delegated administrator. +Use Security Lake's [RegisterDataLakeDelegatedAdministrator](https://docs.aws.amazon.com/security-lake/latest/APIReference/API_RegisterDataLakeDelegatedAdministrator.html) API to allow Security Lake access to your organization and register Organizations's delegated administrator. @@ -26,0 +27,6 @@ For information about setting up Organizations, see [Creating and managing an or +###### For existing Security Lake accounts + +If you enabled Security Lake before April 17, 2025, we recommend you to enable the [Service-linked role (SLR) permissions for resource management](./AWSServiceRoleForSecurityLakeResourceManagement.html). By using this SLR, you can continue to perform ongoing monitoring and performance improvements, that can potentially reduce latency and costs. For information about the permissions associated with this SLR, see [Service-linked role (SLR) permissions for resource management](./AWSServiceRoleForSecurityLakeResourceManagement.html). + +If you use Security Lake console, you will receive a notification prompting you to enable the AWSServiceRoleForSecurityLakeResourceManagement. If you use AWS CLI, see [Creating the Security Lake service-linked role](https://docs.aws.amazon.com/security-lake/latest/userguide/AWSServiceRoleForSecurityLakeResourceManagement.html#create-slr). +