AWS security-lake documentation change
Summary
Updated delegated administrator guidance to recommend Log Archive account
Security assessment
Improves security posture by aligning with AWS organizational best practices, but does not address a specific vulnerability.
Diff
diff --git a/security-lake/latest/userguide/multi-account-management.md b/security-lake/latest/userguide/multi-account-management.md index 830c650d9..13cb2a7a8 100644 --- a//security-lake/latest/userguide/multi-account-management.md +++ b//security-lake/latest/userguide/multi-account-management.md @@ -114 +114,3 @@ Sign in using the credentials of the management account for your organization. - 3. Under **Delegate administration to another account** , select the account that already serves as the delegated administrator for other AWS security services (recommended). Alternatively, enter the 12-digit AWS account ID of the account that you want to designate as the delegated Security Lake administrator. + 3. Under **Delegate administration to another account** , enter the 12-digit AWS account ID of your Log Archive account. + +We recommend using the Log Archive as delegated Security Lake administrator. For more information, see Important considerations for delegated Security Lake administrators.