Setting up Security Lake with AWS Organizations

0

I am attempting to set up Security Lake in an AWS organization. I followed the documentation on https://docs.aws.amazon.com/security-lake/latest/userguide/multi-account-management.html by clicking "getting started" in the Security Lake console and attempting to delegate the administration to another account in the organization. I was inside the management account in my organization and I was using an IAM user that had administrator access and all the required permissions listed in the documentation. But when I tried to perform this action, it gave me an error saying "an error occurred. Only the management account can perform this operation for your organization."

[Screenshot: Security Lake Error]

I then tried performing the CLI command described in the documentation using the same IAM user.

aws securitylake register-data-lake-delegated-administrator --account-id 123456789 (example account number)

This gave me the error "An error occurred (AccessDeniedException) when calling the RegisterDataLakeDelegatedAdministrator operation: Only the management account for your organization can perform this operation for your organization."

I'm not sure how to proceed because I believe I am using an IAM user that is inside the management account for the organization but it is still giving me an error message.

2 Answers
0
Accepted answer

It turned out that the problem was that I had enabled Security Lake when the account was a standalone account before I created the organization. So after I created the organization the old Security Lake resources were still in my account, but it did not give me an option to offboard them. To fix this, you need to remove the organization and offboard as a standalone account, and then add the organization again and then you will be able to onboard successfully.

Steven
answered 6 months ago
EXPERT
reviewed 2 months ago
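The accepted answer shows that the "only the management account" error can have a cause other than the obvious one, so it is worth checking the account's state before calling `register-data-lake-delegated-administrator`. The script below is an added example, not code from the thread or from AWS: it reads the JSON that `aws sts get-caller-identity`, `aws organizations describe-organization`, `aws organizations list-delegated-administrators --service-principal securitylake.amazonaws.com` and `aws securitylake list-data-lakes` print, and reports anything that would block delegation: credentials that are not the management account's (the error text in the question), a malformed target account ID, an administrator already delegated, and, as in the accepted answer, a data lake created while the account was still standalone. The sample documents are constructed and use placeholder account IDs; the field names (`Account`, `Organization.MasterAccountId`, `DelegatedAdministrators[].Id`, `dataLakes[].dataLakeArn`) are those of the respective APIs as the author of this example understands them.

```python
"""Pre-flight checks before registering a Security Lake delegated administrator.

Added example; it parses CLI output that has already been captured, so it runs
offline against the constructed samples below. In practice feed it the output of:

  aws sts get-caller-identity
  aws organizations describe-organization
  aws organizations list-delegated-administrators \
      --service-principal securitylake.amazonaws.com
  aws securitylake list-data-lakes
"""
import json
import re
from typing import List

# register-data-lake-delegated-administrator expects a 12-digit AWS account ID.
ACCOUNT_ID_RE = re.compile(r"^\d{12}$")

# Constructed sample: the caller IS the management account (222222222222),
# mirroring the situation in the question.
SAMPLE_CALLER = json.dumps({
    "UserId": "AIDAEXAMPLEUSERID",
    "Account": "222222222222",
    "Arn": "arn:aws:iam::222222222222:user/admin",
})
SAMPLE_ORG = json.dumps({"Organization": {
    "Id": "o-exampleorgid",
    "MasterAccountId": "222222222222",
    "FeatureSet": "ALL",
}})
# Constructed sample: nobody has been delegated yet.
SAMPLE_DELEGATED = json.dumps({"DelegatedAdministrators": []})
# Constructed sample: a data lake already exists in the management account,
# the pre-organization standalone enablement the accepted answer describes.
SAMPLE_LAKES = json.dumps({"dataLakes": [{
    "dataLakeArn": "arn:aws:securitylake:us-east-1:222222222222:data-lake/default",
    "region": "us-east-1",
    "createStatus": "COMPLETED",
}]})


def preflight(caller_json: str, org_json: str, delegated_json: str,
              lakes_json: str, target_account: str) -> List[str]:
    """Return finding strings of the form 'CODE: detail'; empty means clear to delegate."""
    findings: List[str] = []

    caller_account = json.loads(caller_json)["Account"]
    management_account = json.loads(org_json)["Organization"]["MasterAccountId"]

    # 1. The error in the question: only the management account may register
    #    the delegated administrator, so the credentials must belong to it.
    if caller_account != management_account:
        findings.append(
            f"NOT_MANAGEMENT_ACCOUNT: credentials belong to {caller_account}, "
            f"but the organization's management account is {management_account}")

    # 2. A non-12-digit ID (like the 9-digit placeholder in the question) is
    #    rejected by the API before delegation is even attempted.
    if not ACCOUNT_ID_RE.match(target_account):
        findings.append(f"BAD_ACCOUNT_ID: {target_account!r} is not a 12-digit account ID")

    # 3. Security Lake has a single delegated administrator per organization.
    existing = [d["Id"] for d in json.loads(delegated_json).get("DelegatedAdministrators", [])]
    if existing and target_account not in existing:
        findings.append(
            f"ALREADY_DELEGATED: {existing[0]} is already the Security Lake "
            f"delegated administrator; deregister it first")

    # 4. The accepted answer's root cause: list-data-lakes is scoped to the
    #    calling account, so any data lake reported while running as the
    #    management account was created before the organization existed.
    if caller_account == management_account:
        for lake in json.loads(lakes_json).get("dataLakes", []):
            findings.append(
                f"STANDALONE_LAKE_PRESENT: {lake['dataLakeArn']} "
                f"({lake.get('createStatus', 'UNKNOWN')}) exists in the management "
                f"account; offboard it before delegating")
    return findings


def finding_codes(findings: List[str]) -> List[str]:
    """Reduce findings to their CODE prefixes, handy for scripting a go/no-go decision."""
    return [f.split(":", 1)[0] for f in findings]


if __name__ == "__main__":
    for line in preflight(SAMPLE_CALLER, SAMPLE_ORG, SAMPLE_DELEGATED, SAMPLE_LAKES,
                          "333333333333"):
        print(line)
```

Run against the samples it reports only `STANDALONE_LAKE_PRESENT`, which is the condition the accepted answer had to clear; with a member account's credentials it would instead report `NOT_MANAGEMENT_ACCOUNT`, the condition the second answer asks about.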
0

Can you please confirm that you are trying to enable the delegated administrator account from the Organization Management account? In Organizations, the account that you use to create the organization is called the management account. To integrate Security Lake with Organizations, the management account must designate a delegated Security Lake administrator account for the organization.

AWS
answered 7 months ago
  • Thanks for your response! I was inside the management account when I tried to delegate the Security Lake administrator, but I still received an error.
