AWS Security ChangesHomeSearch

AWS security-lake documentation change

Service: security-lake · 2025-07-01 · Documentation medium

File: security-lake/latest/userguide/multi-account-management.md

Summary

Updated delegated administrator guidance to recommend Log Archive account

Security assessment

Improves security posture by aligning with AWS organizational best practices, but does not address a specific vulnerability.

Diff

diff --git a/security-lake/latest/userguide/multi-account-management.md b/security-lake/latest/userguide/multi-account-management.md
index 830c650d9..13cb2a7a8 100644
--- a//security-lake/latest/userguide/multi-account-management.md
+++ b//security-lake/latest/userguide/multi-account-management.md
@@ -114 +114,3 @@ Sign in using the credentials of the management account for your organization.
-  3. Under **Delegate administration to another account** , select the account that already serves as the delegated administrator for other AWS security services (recommended). Alternatively, enter the 12-digit AWS account ID of the account that you want to designate as the delegated Security Lake administrator.
+  3. Under **Delegate administration to another account** , enter the 12-digit AWS account ID of your Log Archive account. 
+
+We recommend using the Log Archive as delegated Security Lake administrator. For more information, see Important considerations for delegated Security Lake administrators.