Setting up Security Lake with AWS Organizations

0

I am attempting to set up Security Lake in an AWS organization. I followed the documentation on https://docs.aws.amazon.com/security-lake/latest/userguide/multi-account-management.html by clicking "getting started" in the Security Lake console and attempting to delegate the administration to another account in the organization. I was inside the management account in my organization and I was using an IAM user that had administrator access and all the required permissions listed in the documentation. But when I tried to perform this action, it gave me an error saying "an error occurred. Only the management account can perform this operation for your organization."

Security Lake Error

I then tried performing the CLI command described in the documentation using the same IAM user.

aws securitylake register-data-lake-delegated-administrator --account-id 123456789 (example account number)

This gave me the error "An error occurred (AccessDeniedException) when calling the RegisterDataLakeDelegatedAdministrator operation: Only the management account for your organization can perform this operation for your organization."

I'm not sure how to proceed because I believe I am using an IAM user that is inside the management account for the organization but it is still giving me an error message.

Steven
asked 7 months ago · 407 views
2 Answers
0
Accepted Answer

It turned out that the problem was that I had enabled Security Lake when the account was a standalone account before I created the organization. So after I created the organization the old Security Lake resources were still in my account, but it did not give me an option to offboard them. To fix this, you need to remove the organization and offboard as a standalone account, and then add the organization again and then you will be able to onboard successfully.

Steven
answered 6 months ago
Expert
reviewed 2 months ago
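A pre-flight check for the situation in this thread, added here as an example (it is not code from the question, the answer or AWS): it refuses to call the delegation API unless the caller's account is the organization's management account, and lists any data lake already present in that account, since a standalone Security Lake enabled before the organization existed is what blocked onboarding above. It assumes AWS CLI v2 with the `securitylake` and `organizations` commands and configured credentials; the `delegate_security_lake_admin` function name and the account IDs in the usage comment are made up.

```shell
#!/bin/sh
# Pre-flight check before delegating a Security Lake administrator.
# Assumes AWS CLI v2 (securitylake + organizations commands) and credentials
# for the account you believe is the organization's management account.

# Return 0 when the two account IDs match (pure helper, no AWS calls).
same_account() {
  [ "$1" = "$2" ]
}

# AWS account IDs are exactly 12 digits; reject anything else before
# spending an API call on it.
valid_account_id() {
  case "$1" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Compare the caller's account with the management account and, only when
# they match, register the delegated Security Lake administrator.
delegate_security_lake_admin() {
  delegate="$1"
  valid_account_id "$delegate" || { echo "invalid account id: $delegate" >&2; return 1; }
  caller=$(aws sts get-caller-identity --query Account --output text)
  mgmt=$(aws organizations describe-organization \
           --query Organization.MasterAccountId --output text)
  if ! same_account "$caller" "$mgmt"; then
    echo "caller $caller is not the management account $mgmt" >&2
    return 1
  fi
  # A data lake that already exists in this account (enabled while it was
  # standalone) is the condition the accepted answer describes; surface it.
  aws securitylake list-data-lakes
  aws securitylake register-data-lake-delegated-administrator --account-id "$delegate"
}

# Usage: sh delegate.sh 111122223333   (hypothetical delegated account ID)
if [ -n "${1:-}" ]; then
  delegate_security_lake_admin "$1"
fi
```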
0

Can you please confirm that you are trying to enable the delegated administrator account from the Organization management account? In Organizations, the account that you use to create the organization is called the management account. To integrate Security Lake with Organizations, the management account must designate a delegated Security Lake administrator account for the organization.

AWS
answered 7 months ago
  • Thanks for your response! I was inside the management account when I tried to delegate the Security Lake administrator, but I still received an error.
