aws-cdk-lib 2.138.0__py3-none-any.whl → 2.139.1__py3-none-any.whl

aws_cdk/aws_securitylake/__init__.py

@@ -70,7 +70,12 @@ class CfnAwsLogSource(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_securitylake.CfnAwsLogSource",
 ):
-    '''Resource Type definition for AWS::SecurityLake::AwsLogSource.
+    '''Adds a natively supported AWS service as an AWS source.
+
+    Enables source types for member accounts in required AWS Regions, based on the parameters you specify. You can choose any source type in any Region for either accounts that are part of a trusted organization or standalone accounts. Once you add an AWS service as a source, Security Lake starts collecting logs and events from it.
+    .. epigraph::
+
+       If you want to create multiple sources using ``AWS::SecurityLake::AwsLogSource`` , you must use the ``DependsOn`` attribute to create the sources sequentially. With the ``DependsOn`` attribute you can specify that the creation of a specific ``AWSLogSource`` follows another. When you add a ``DependsOn`` attribute to a resource, that resource is created only after the creation of the resource specified in the ``DependsOn`` attribute. For an example, see `Add AWS log sources <https://docs.aws.amazon.com//AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html#aws-resource-securitylake-awslogsource--examples>`_ .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html
     :cloudformationResource: AWS::SecurityLake::AwsLogSource
@@ -105,10 +110,10 @@ class CfnAwsLogSource(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param data_lake_arn: The ARN for the data lake.
-        :param source_name: The name for a AWS source. This must be a Regionally unique value.
-        :param source_version: The version for a AWS source. This must be a Regionally unique value.
-        :param accounts: AWS account where you want to collect logs from.
+        :param data_lake_arn: The Amazon Resource Name (ARN) used to create the data lake.
+        :param source_name: The name for a AWS source. This must be a Regionally unique value. For the list of sources supported by Amazon Security Lake see `Collecting data from AWS services <https://docs.aws.amazon.com//security-lake/latest/userguide/internal-sources.html>`_ in the Amazon Security Lake User Guide.
+        :param source_version: The version for a AWS source. For more details about source versions supported by Amazon Security Lake see `OCSF source identification <https://docs.aws.amazon.com//security-lake/latest/userguide/open-cybersecurity-schema-framework.html#ocsf-source-identification>`_ in the Amazon Security Lake User Guide. This must be a Regionally unique value.
+        :param accounts: Specify the AWS account information where you want to enable Security Lake.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__c67fc1d68d61ef9dead7d443499c1a142da192386efc06474b3758994937de6b)
@@ -161,7 +166,7 @@ class CfnAwsLogSource(
     @builtins.property
     @jsii.member(jsii_name="dataLakeArn")
     def data_lake_arn(self) -> builtins.str:
-        '''The ARN for the data lake.'''
+        '''The Amazon Resource Name (ARN) used to create the data lake.'''
         return typing.cast(builtins.str, jsii.get(self, "dataLakeArn"))
 
     @data_lake_arn.setter
@@ -200,7 +205,7 @@ class CfnAwsLogSource(
     @builtins.property
     @jsii.member(jsii_name="accounts")
     def accounts(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''AWS account where you want to collect logs from.'''
+        '''Specify the AWS account information where you want to enable Security Lake.'''
         return typing.cast(typing.Optional[typing.List[builtins.str]], jsii.get(self, "accounts"))
 
     @accounts.setter
@@ -232,10 +237,10 @@ class CfnAwsLogSourceProps:
     ) -> None:
         '''Properties for defining a ``CfnAwsLogSource``.
 
-        :param data_lake_arn: The ARN for the data lake.
-        :param source_name: The name for a AWS source. This must be a Regionally unique value.
-        :param source_version: The version for a AWS source. This must be a Regionally unique value.
-        :param accounts: AWS account where you want to collect logs from.
+        :param data_lake_arn: The Amazon Resource Name (ARN) used to create the data lake.
+        :param source_name: The name for a AWS source. This must be a Regionally unique value. For the list of sources supported by Amazon Security Lake see `Collecting data from AWS services <https://docs.aws.amazon.com//security-lake/latest/userguide/internal-sources.html>`_ in the Amazon Security Lake User Guide.
+        :param source_version: The version for a AWS source. For more details about source versions supported by Amazon Security Lake see `OCSF source identification <https://docs.aws.amazon.com//security-lake/latest/userguide/open-cybersecurity-schema-framework.html#ocsf-source-identification>`_ in the Amazon Security Lake User Guide. This must be a Regionally unique value.
+        :param accounts: Specify the AWS account information where you want to enable Security Lake.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html
         :exampleMetadata: fixture=_generated
@@ -271,7 +276,7 @@ class CfnAwsLogSourceProps:
 
     @builtins.property
     def data_lake_arn(self) -> builtins.str:
-        '''The ARN for the data lake.
+        '''The Amazon Resource Name (ARN) used to create the data lake.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html#cfn-securitylake-awslogsource-datalakearn
         '''
@@ -283,7 +288,7 @@ class CfnAwsLogSourceProps:
     def source_name(self) -> builtins.str:
         '''The name for a AWS source.
 
-        This must be a Regionally unique value.
+        This must be a Regionally unique value. For the list of sources supported by Amazon Security Lake see `Collecting data from AWS services <https://docs.aws.amazon.com//security-lake/latest/userguide/internal-sources.html>`_ in the Amazon Security Lake User Guide.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html#cfn-securitylake-awslogsource-sourcename
         '''
@@ -295,7 +300,7 @@ class CfnAwsLogSourceProps:
     def source_version(self) -> builtins.str:
         '''The version for a AWS source.
 
-        This must be a Regionally unique value.
+        For more details about source versions supported by Amazon Security Lake see `OCSF source identification <https://docs.aws.amazon.com//security-lake/latest/userguide/open-cybersecurity-schema-framework.html#ocsf-source-identification>`_ in the Amazon Security Lake User Guide. This must be a Regionally unique value.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html#cfn-securitylake-awslogsource-sourceversion
         '''
@@ -305,7 +310,7 @@ class CfnAwsLogSourceProps:
 
     @builtins.property
     def accounts(self) -> typing.Optional[typing.List[builtins.str]]:
-        '''AWS account where you want to collect logs from.
+        '''Specify the AWS account information where you want to enable Security Lake.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-awslogsource.html#cfn-securitylake-awslogsource-accounts
         '''
@@ -330,7 +335,11 @@ class CfnDataLake(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_securitylake.CfnDataLake",
 ):
-    '''Resource Type definition for AWS::SecurityLake::DataLake.
+    '''Initializes an Amazon Security Lake instance with the provided (or default) configuration.
+
+    You can enable Security Lake in AWS Regions with customized settings before enabling log collection in Regions. To specify particular Regions, configure these Regions using the ``configurations`` parameter. If you have already enabled Security Lake in a Region when you call this command, the command will update the Region if you provide new configuration parameters. If you have not already enabled Security Lake in the Region when you call this API, it will set up the data lake in the Region with the specified configurations.
+
+    When you enable Security Lake , it starts ingesting security data after the ``CreateAwsLogSource`` call. This includes ingesting security data from sources, storing data, and making data accessible to subscribers. Security Lake also enables all the existing settings and resources that it stores or maintains for your AWS account in the current Region, including security log and event data. For more information, see the `Amazon Security Lake User Guide <https://docs.aws.amazon.com//security-lake/latest/userguide/what-is-security-lake.html>`_ .
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-datalake.html
     :cloudformationResource: AWS::SecurityLake::DataLake
@@ -381,11 +390,11 @@ class CfnDataLake(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param encryption_configuration: Provides encryption details of Amazon Security Lake object.
-        :param lifecycle_configuration: Provides lifecycle details of Amazon Security Lake object.
-        :param meta_store_manager_role_arn: The Amazon Resource Name (ARN) used to index AWS Glue table partitions that are generated by the ingestion and normalization of AWS log sources and custom sources.
+        :param encryption_configuration: Provides encryption details of the Amazon Security Lake object.
+        :param lifecycle_configuration: You can customize Security Lake to store data in your preferred AWS Regions for your preferred amount of time. Lifecycle management can help you comply with different compliance requirements. For more details, see `Lifecycle management <https://docs.aws.amazon.com//security-lake/latest/userguide/lifecycle-management.html>`_ in the Amazon Security Lake User Guide.
+        :param meta_store_manager_role_arn: The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
         :param replication_configuration: Provides replication details of Amazon Security Lake object.
-        :param tags: 
+        :param tags: An array of objects, one for each tag to associate with the data lake configuration. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__ff487a50882ee11f396717fb970b445f3274af88108d1c1d390543dfb1fdf534)
@@ -434,7 +443,7 @@ class CfnDataLake(
     @builtins.property
     @jsii.member(jsii_name="attrArn")
     def attr_arn(self) -> builtins.str:
-        '''The Amazon Resource Name (ARN) created by you to provide to the subscriber.
+        '''The Amazon Resource Name (ARN) of the data lake.
 
         :cloudformationAttribute: Arn
         '''
@@ -443,7 +452,7 @@ class CfnDataLake(
     @builtins.property
     @jsii.member(jsii_name="attrS3BucketArn")
     def attr_s3_bucket_arn(self) -> builtins.str:
-        '''The ARN for the Amazon Security Lake Amazon S3 bucket.
+        '''The Amazon Resource Name (ARN) of the Amazon S3 bucket.
 
         :cloudformationAttribute: S3BucketArn
         '''
@@ -465,7 +474,7 @@ class CfnDataLake(
     def encryption_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDataLake.EncryptionConfigurationProperty"]]:
-        '''Provides encryption details of Amazon Security Lake object.'''
+        '''Provides encryption details of the Amazon Security Lake object.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDataLake.EncryptionConfigurationProperty"]], jsii.get(self, "encryptionConfiguration"))
 
     @encryption_configuration.setter
@@ -483,7 +492,7 @@ class CfnDataLake(
     def lifecycle_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDataLake.LifecycleConfigurationProperty"]]:
-        '''Provides lifecycle details of Amazon Security Lake object.'''
+        '''You can customize Security Lake to store data in your preferred AWS Regions for your preferred amount of time.'''
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDataLake.LifecycleConfigurationProperty"]], jsii.get(self, "lifecycleConfiguration"))
 
     @lifecycle_configuration.setter
@@ -499,7 +508,7 @@ class CfnDataLake(
     @builtins.property
     @jsii.member(jsii_name="metaStoreManagerRoleArn")
     def meta_store_manager_role_arn(self) -> typing.Optional[builtins.str]:
-        '''The Amazon Resource Name (ARN) used to index AWS Glue table partitions that are generated by the ingestion and normalization of AWS log sources and custom sources.'''
+        '''The Amazon Resource Name (ARN) used to create and update the AWS Glue table.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "metaStoreManagerRoleArn"))
 
     @meta_store_manager_role_arn.setter
@@ -530,6 +539,7 @@ class CfnDataLake(
     @builtins.property
     @jsii.member(jsii_name="tags")
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
+        '''An array of objects, one for each tag to associate with the data lake configuration.'''
         return typing.cast(typing.Optional[typing.List[_CfnTag_f6864754]], jsii.get(self, "tags"))
 
     @tags.setter
@@ -546,9 +556,11 @@ class CfnDataLake(
     )
     class EncryptionConfigurationProperty:
         def __init__(self, *, kms_key_id: typing.Optional[builtins.str] = None) -> None:
-            '''Provides encryption details of Amazon Security Lake object.
+            '''Provides encryption details of the Amazon Security Lake object.
+
+            The AWS shared responsibility model applies to data protection in Amazon Security Lake . As described in this model, AWS is responsible for protecting the global infrastructure that runs all of the AWS Cloud. You are responsible for maintaining control over your content that is hosted on this infrastructure. For more details, see `Data protection <https://docs.aws.amazon.com//security-lake/latest/userguide/data-protection.html>`_ in the Amazon Security Lake User Guide.
 
-            :param kms_key_id: The id of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object.
+            :param kms_key_id: The ID of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-encryptionconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -572,7 +584,7 @@ class CfnDataLake(
 
         @builtins.property
         def kms_key_id(self) -> typing.Optional[builtins.str]:
-            '''The id of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object.
+            '''The ID of KMS encryption key used by Amazon Security Lake to encrypt the Security Lake object.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-encryptionconfiguration.html#cfn-securitylake-datalake-encryptionconfiguration-kmskeyid
             '''
@@ -597,9 +609,11 @@ class CfnDataLake(
     )
     class ExpirationProperty:
         def __init__(self, *, days: typing.Optional[jsii.Number] = None) -> None:
-            '''Provides data expiration details of Amazon Security Lake object.
+            '''Provides data expiration details of the Amazon Security Lake object.
+
+            You can specify your preferred Amazon S3 storage class and the time period for S3 objects to stay in that storage class before they expire. For more information about Amazon S3 Lifecycle configurations, see `Managing your storage lifecycle <https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html>`_ in the *Amazon Simple Storage Service User Guide* .
 
-            :param days: Number of days before data expires in the Amazon Security Lake object.
+            :param days: The number of days before data expires in the Amazon Security Lake object.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-expiration.html
             :exampleMetadata: fixture=_generated
@@ -623,7 +637,7 @@ class CfnDataLake(
 
         @builtins.property
         def days(self) -> typing.Optional[jsii.Number]:
-            '''Number of days before data expires in the Amazon Security Lake object.
+            '''The number of days before data expires in the Amazon Security Lake object.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-expiration.html#cfn-securitylake-datalake-expiration-days
             '''
@@ -655,8 +669,15 @@ class CfnDataLake(
         ) -> None:
             '''Provides lifecycle details of Amazon Security Lake object.
 
-            :param expiration: Provides data expiration details of Amazon Security Lake object.
-            :param transitions: Provides data storage transition details of Amazon Security Lake object.
+            To manage your data so that it is stored cost effectively, you can configure retention settings for the data. You can specify your preferred Amazon S3 storage class and the time period for Amazon S3 objects to stay in that storage class before they transition to a different storage class or expire. For more information about Amazon S3 Lifecycle configurations, see `Managing your storage lifecycle <https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html>`_ in the *Amazon Simple Storage Service User Guide* .
+
+            In Security Lake , you specify retention settings at the Region level. For example, you might choose to transition all S3 objects in a specific AWS Region to the ``S3 Standard-IA`` storage class 30 days after they're written to the data lake. The default Amazon S3 storage class is S3 Standard.
+            .. epigraph::
+
+               Security Lake doesn't support Amazon S3 Object Lock. When the data lake buckets are created, S3 Object Lock is disabled by default. Enabling S3 Object Lock with default retention mode interrupts the delivery of normalized log data to the data lake.
+
+            :param expiration: Provides data expiration details of the Amazon Security Lake object.
+            :param transitions: Provides data storage transition details of Amazon Security Lake object. By configuring these settings, you can specify your preferred Amazon S3 storage class and the time period for S3 objects to stay in that storage class before they transition to a different storage class.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-lifecycleconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -691,7 +712,7 @@ class CfnDataLake(
         def expiration(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDataLake.ExpirationProperty"]]:
-            '''Provides data expiration details of Amazon Security Lake object.
+            '''Provides data expiration details of the Amazon Security Lake object.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-lifecycleconfiguration.html#cfn-securitylake-datalake-lifecycleconfiguration-expiration
             '''
@@ -704,6 +725,8 @@ class CfnDataLake(
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnDataLake.TransitionsProperty"]]]]:
             '''Provides data storage transition details of Amazon Security Lake object.
 
+            By configuring these settings, you can specify your preferred Amazon S3 storage class and the time period for S3 objects to stay in that storage class before they transition to a different storage class.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-lifecycleconfiguration.html#cfn-securitylake-datalake-lifecycleconfiguration-transitions
             '''
             result = self._values.get("transitions")
@@ -732,10 +755,10 @@ class CfnDataLake(
             regions: typing.Optional[typing.Sequence[builtins.str]] = None,
             role_arn: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''Provides replication details of Amazon Security Lake object.
+            '''Provides replication configuration details for objects stored in the Amazon Security Lake data lake.
 
-            :param regions: Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Amazon S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different AWS Regions or within the same Region as the source bucket.
-            :param role_arn: Replication settings for the Amazon S3 buckets. This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct.
+            :param regions: Specifies one or more centralized rollup Regions. The AWS Region specified in the region parameter of the ``CreateDataLake`` or ``UpdateDataLake`` operations contributes data to the rollup Region or Regions specified in this parameter. Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different Regions or within the same Region as the source bucket.
+            :param role_arn: Replication settings for the Amazon S3 buckets. This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake , to ensure the replication setting is correct.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-replicationconfiguration.html
             :exampleMetadata: fixture=_generated
@@ -763,9 +786,11 @@ class CfnDataLake(
 
         @builtins.property
         def regions(self) -> typing.Optional[typing.List[builtins.str]]:
-            '''Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets.
+            '''Specifies one or more centralized rollup Regions.
+
+            The AWS Region specified in the region parameter of the ``CreateDataLake`` or ``UpdateDataLake`` operations contributes data to the rollup Region or Regions specified in this parameter.
 
-            Amazon S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different AWS Regions or within the same Region as the source bucket.
+            Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. S3 buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different Regions or within the same Region as the source bucket.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-replicationconfiguration.html#cfn-securitylake-datalake-replicationconfiguration-regions
             '''
@@ -776,7 +801,7 @@ class CfnDataLake(
         def role_arn(self) -> typing.Optional[builtins.str]:
             '''Replication settings for the Amazon S3 buckets.
 
-            This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake, to ensure the replication setting is correct.
+            This parameter uses the AWS Identity and Access Management (IAM) role you created that is managed by Security Lake , to ensure the replication setting is correct.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-replicationconfiguration.html#cfn-securitylake-datalake-replicationconfiguration-rolearn
             '''
@@ -806,9 +831,12 @@ class CfnDataLake(
             days: typing.Optional[jsii.Number] = None,
             storage_class: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''
-            :param days: Number of days before data transitions to a different S3 Storage Class in the Amazon Security Lake object.
-            :param storage_class: The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.
+            '''Provides transition lifecycle details of the Amazon Security Lake object.
+
+            For more information about Amazon S3 Lifecycle configurations, see `Managing your storage lifecycle <https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html>`_ in the *Amazon Simple Storage Service User Guide* .
+
+            :param days: The number of days before data transitions to a different S3 Storage Class in the Amazon Security Lake object.
+            :param storage_class: The list of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads. The default storage class is S3 Standard.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-transitions.html
             :exampleMetadata: fixture=_generated
@@ -836,7 +864,7 @@ class CfnDataLake(
 
         @builtins.property
         def days(self) -> typing.Optional[jsii.Number]:
-            '''Number of days before data transitions to a different S3 Storage Class in the Amazon Security Lake object.
+            '''The number of days before data transitions to a different S3 Storage Class in the Amazon Security Lake object.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-transitions.html#cfn-securitylake-datalake-transitions-days
             '''
@@ -845,7 +873,9 @@ class CfnDataLake(
 
         @builtins.property
         def storage_class(self) -> typing.Optional[builtins.str]:
-            '''The range of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.
+            '''The list of storage classes that you can choose from based on the data access, resiliency, and cost requirements of your workloads.
+
+            The default storage class is S3 Standard.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-datalake-transitions.html#cfn-securitylake-datalake-transitions-storageclass
             '''
@@ -887,11 +917,11 @@ class CfnDataLakeProps:
     ) -> None:
         '''Properties for defining a ``CfnDataLake``.
 
-        :param encryption_configuration: Provides encryption details of Amazon Security Lake object.
-        :param lifecycle_configuration: Provides lifecycle details of Amazon Security Lake object.
-        :param meta_store_manager_role_arn: The Amazon Resource Name (ARN) used to index AWS Glue table partitions that are generated by the ingestion and normalization of AWS log sources and custom sources.
+        :param encryption_configuration: Provides encryption details of the Amazon Security Lake object.
+        :param lifecycle_configuration: You can customize Security Lake to store data in your preferred AWS Regions for your preferred amount of time. Lifecycle management can help you comply with different compliance requirements. For more details, see `Lifecycle management <https://docs.aws.amazon.com//security-lake/latest/userguide/lifecycle-management.html>`_ in the Amazon Security Lake User Guide.
+        :param meta_store_manager_role_arn: The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
         :param replication_configuration: Provides replication details of Amazon Security Lake object.
-        :param tags: 
+        :param tags: An array of objects, one for each tag to associate with the data lake configuration. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-datalake.html
         :exampleMetadata: fixture=_generated
@@ -949,7 +979,7 @@ class CfnDataLakeProps:
     def encryption_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnDataLake.EncryptionConfigurationProperty]]:
-        '''Provides encryption details of Amazon Security Lake object.
+        '''Provides encryption details of the Amazon Security Lake object.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-datalake.html#cfn-securitylake-datalake-encryptionconfiguration
         '''
@@ -960,7 +990,9 @@ class CfnDataLakeProps:
     def lifecycle_configuration(
         self,
     ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnDataLake.LifecycleConfigurationProperty]]:
-        '''Provides lifecycle details of Amazon Security Lake object.
+        '''You can customize Security Lake to store data in your preferred AWS Regions for your preferred amount of time.
+
+        Lifecycle management can help you comply with different compliance requirements. For more details, see `Lifecycle management <https://docs.aws.amazon.com//security-lake/latest/userguide/lifecycle-management.html>`_ in the Amazon Security Lake User Guide.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-datalake.html#cfn-securitylake-datalake-lifecycleconfiguration
         '''
@@ -969,7 +1001,9 @@ class CfnDataLakeProps:
 
     @builtins.property
     def meta_store_manager_role_arn(self) -> typing.Optional[builtins.str]:
-        '''The Amazon Resource Name (ARN) used to index AWS Glue table partitions that are generated by the ingestion and normalization of AWS log sources and custom sources.
+        '''The Amazon Resource Name (ARN) used to create and update the AWS Glue table.
+
+        This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-datalake.html#cfn-securitylake-datalake-metastoremanagerrolearn
         '''
@@ -989,7 +1023,10 @@ class CfnDataLakeProps:
 
     @builtins.property
     def tags(self) -> typing.Optional[typing.List[_CfnTag_f6864754]]:
-        '''
+        '''An array of objects, one for each tag to associate with the data lake configuration.
+
+        For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.
+
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-datalake.html#cfn-securitylake-datalake-tags
         '''
         result = self._values.get("tags")
@@ -1013,7 +1050,9 @@ class CfnSubscriber(
     metaclass=jsii.JSIIMeta,
     jsii_type="aws-cdk-lib.aws_securitylake.CfnSubscriber",
 ):
-    '''Resource Type definition for AWS::SecurityLake::Subscriber.
+    '''Creates a subscriber for accounts that are already enabled in Amazon Security Lake.
+
+    You can create a subscriber with access to data in the current AWS Region.
 
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html
     :cloudformationResource: AWS::SecurityLake::Subscriber
@@ -1069,12 +1108,12 @@ class CfnSubscriber(
         '''
         :param scope: Scope in which this resource is defined.
         :param id: Construct identifier for this resource (unique in its scope).
-        :param access_types: The Amazon S3 or AWS Lake Formation access type.
-        :param data_lake_arn: The ARN for the data lake.
-        :param sources: The supported AWS services from which logs and events are collected.
+        :param access_types: You can choose to notify subscribers of new objects with an Amazon Simple Queue Service (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by the subscriber. Subscribers can consume data by directly querying AWS Lake Formation tables in your Amazon S3 bucket through services like Amazon Athena. This subscription type is defined as ``LAKEFORMATION`` .
+        :param data_lake_arn: The Amazon Resource Name (ARN) used to create the data lake.
+        :param sources: Amazon Security Lake supports log and event collection for natively supported AWS services . For more information, see the `Amazon Security Lake User Guide <https://docs.aws.amazon.com//security-lake/latest/userguide/source-management.html>`_ .
         :param subscriber_identity: The AWS identity used to access your data.
-        :param subscriber_name: The name of your Security Lake subscriber account.
-        :param subscriber_description: The description for your subscriber account in Security Lake.
+        :param subscriber_name: The name of your Amazon Security Lake subscriber account.
+        :param subscriber_description: The subscriber descriptions for a subscriber account. The description for a subscriber includes ``subscriberName`` , ``accountID`` , ``externalID`` , and ``subscriberId`` .
         :param tags: An array of objects, one for each tag to associate with the subscriber. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.
         '''
         if __debug__:
@@ -1126,7 +1165,8 @@ class CfnSubscriber(
     @builtins.property
     @jsii.member(jsii_name="attrResourceShareArn")
     def attr_resource_share_arn(self) -> builtins.str:
-        '''
+        '''The Amazon Resource Name (ARN) of the Amazon Security Lake subscriber.
+
         :cloudformationAttribute: ResourceShareArn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrResourceShareArn"))
@@ -1134,7 +1174,8 @@ class CfnSubscriber(
     @builtins.property
     @jsii.member(jsii_name="attrResourceShareName")
     def attr_resource_share_name(self) -> builtins.str:
-        '''
+        '''The ARN name of the Amazon Security Lake subscriber.
+
         :cloudformationAttribute: ResourceShareName
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrResourceShareName"))
@@ -1142,7 +1183,8 @@ class CfnSubscriber(
     @builtins.property
     @jsii.member(jsii_name="attrS3BucketArn")
     def attr_s3_bucket_arn(self) -> builtins.str:
-        '''
+        '''The Amazon Resource Name (ARN) of the S3 bucket.
+
         :cloudformationAttribute: S3BucketArn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrS3BucketArn"))
@@ -1150,7 +1192,8 @@ class CfnSubscriber(
     @builtins.property
     @jsii.member(jsii_name="attrSubscriberArn")
     def attr_subscriber_arn(self) -> builtins.str:
-        '''
+        '''The Amazon Resource Name (ARN) of the Security Lake subscriber.
+
         :cloudformationAttribute: SubscriberArn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrSubscriberArn"))
@@ -1158,7 +1201,8 @@ class CfnSubscriber(
     @builtins.property
     @jsii.member(jsii_name="attrSubscriberRoleArn")
     def attr_subscriber_role_arn(self) -> builtins.str:
-        '''
+        '''The Amazon Resource Name (ARN) of the role used to create the Security Lake subscriber.
+
         :cloudformationAttribute: SubscriberRoleArn
         '''
         return typing.cast(builtins.str, jsii.get(self, "attrSubscriberRoleArn"))
@@ -1177,7 +1221,7 @@ class CfnSubscriber(
     @builtins.property
     @jsii.member(jsii_name="accessTypes")
     def access_types(self) -> typing.List[builtins.str]:
-        '''The Amazon S3 or AWS Lake Formation access type.'''
+        '''You can choose to notify subscribers of new objects with an Amazon Simple Queue Service (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by the subscriber.'''
         return typing.cast(typing.List[builtins.str], jsii.get(self, "accessTypes"))
 
     @access_types.setter
@@ -1190,7 +1234,7 @@ class CfnSubscriber(
     @builtins.property
     @jsii.member(jsii_name="dataLakeArn")
     def data_lake_arn(self) -> builtins.str:
-        '''The ARN for the data lake.'''
+        '''The Amazon Resource Name (ARN) used to create the data lake.'''
         return typing.cast(builtins.str, jsii.get(self, "dataLakeArn"))
 
     @data_lake_arn.setter
@@ -1205,7 +1249,7 @@ class CfnSubscriber(
     def sources(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnSubscriber.SourceProperty"]]]:
-        '''The supported AWS services from which logs and events are collected.'''
+        '''Amazon Security Lake supports log and event collection for natively supported AWS services .'''
         return typing.cast(typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnSubscriber.SourceProperty"]]], jsii.get(self, "sources"))
 
     @sources.setter
@@ -1239,7 +1283,7 @@ class CfnSubscriber(
     @builtins.property
     @jsii.member(jsii_name="subscriberName")
     def subscriber_name(self) -> builtins.str:
-        '''The name of your Security Lake subscriber account.'''
+        '''The name of your Amazon Security Lake subscriber account.'''
         return typing.cast(builtins.str, jsii.get(self, "subscriberName"))
 
     @subscriber_name.setter
@@ -1252,7 +1296,7 @@ class CfnSubscriber(
     @builtins.property
     @jsii.member(jsii_name="subscriberDescription")
     def subscriber_description(self) -> typing.Optional[builtins.str]:
-        '''The description for your subscriber account in Security Lake.'''
+        '''The subscriber descriptions for a subscriber account.'''
         return typing.cast(typing.Optional[builtins.str], jsii.get(self, "subscriberDescription"))
 
     @subscriber_description.setter
@@ -1287,10 +1331,12 @@ class CfnSubscriber(
             source_name: typing.Optional[builtins.str] = None,
             source_version: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''Amazon Security Lake supports log and event collection for natively supported AWS services.
+            '''Adds a natively supported AWS service as an Amazon Security Lake source.
 
-            :param source_name: The name for a AWS source. This must be a Regionally unique value.
-            :param source_version: The version for a AWS source. This must be a Regionally unique value.
+            Enables source types for member accounts in required AWS Regions, based on the parameters you specify. You can choose any source type in any Region for either accounts that are part of a trusted organization or standalone accounts. Once you add an AWS service as a source, Security Lake starts collecting logs and events from it.
+
+            :param source_name: Source name of the natively supported AWS service that is supported as an Amazon Security Lake source. For the list of sources supported by Amazon Security Lake see `Collecting data from AWS services <https://docs.aws.amazon.com//security-lake/latest/userguide/internal-sources.html>`_ in the Amazon Security Lake User Guide.
+            :param source_version: Source version of the natively supported AWS service that is supported as an Amazon Security Lake source. For more details about source versions supported by Amazon Security Lake see `OCSF source identification <https://docs.aws.amazon.com//security-lake/latest/userguide/open-cybersecurity-schema-framework.html#ocsf-source-identification>`_ in the Amazon Security Lake User Guide.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-awslogsource.html
             :exampleMetadata: fixture=_generated
@@ -1318,9 +1364,9 @@ class CfnSubscriber(
 
         @builtins.property
         def source_name(self) -> typing.Optional[builtins.str]:
-            '''The name for a AWS source.
+            '''Source name of the natively supported AWS service that is supported as an Amazon Security Lake source.
 
-            This must be a Regionally unique value.
+            For the list of sources supported by Amazon Security Lake see `Collecting data from AWS services <https://docs.aws.amazon.com//security-lake/latest/userguide/internal-sources.html>`_ in the Amazon Security Lake User Guide.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-awslogsource.html#cfn-securitylake-subscriber-awslogsource-sourcename
             '''
@@ -1329,9 +1375,9 @@ class CfnSubscriber(
 
         @builtins.property
         def source_version(self) -> typing.Optional[builtins.str]:
-            '''The version for a AWS source.
+            '''Source version of the natively supported AWS service that is supported as an Amazon Security Lake source.
 
-            This must be a Regionally unique value.
+            For more details about source versions supported by Amazon Security Lake see `OCSF source identification <https://docs.aws.amazon.com//security-lake/latest/userguide/open-cybersecurity-schema-framework.html#ocsf-source-identification>`_ in the Amazon Security Lake User Guide.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-awslogsource.html#cfn-securitylake-subscriber-awslogsource-sourceversion
             '''
@@ -1361,9 +1407,12 @@ class CfnSubscriber(
             source_name: typing.Optional[builtins.str] = None,
             source_version: typing.Optional[builtins.str] = None,
         ) -> None:
-            '''
-            :param source_name: The name for a third-party custom source. This must be a Regionally unique value.
-            :param source_version: The version for a third-party custom source. This must be a Regionally unique value.
+            '''Third-party custom log source that meets the requirements to be added to Amazon Security Lake .
+
+            For more details, see `Custom log source <https://docs.aws.amazon.com//security-lake/latest/userguide/custom-sources.html#iam-roles-custom-sources>`_ in the *Amazon Security Lake User Guide* .
+
+            :param source_name: The name of the custom log source.
+            :param source_version: The source version of the custom log source.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-customlogsource.html
             :exampleMetadata: fixture=_generated
@@ -1391,9 +1440,7 @@ class CfnSubscriber(
 
         @builtins.property
         def source_name(self) -> typing.Optional[builtins.str]:
-            '''The name for a third-party custom source.
-
-            This must be a Regionally unique value.
+            '''The name of the custom log source.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-customlogsource.html#cfn-securitylake-subscriber-customlogsource-sourcename
             '''
@@ -1402,9 +1449,7 @@ class CfnSubscriber(
 
         @builtins.property
         def source_version(self) -> typing.Optional[builtins.str]:
-            '''The version for a third-party custom source.
-
-            This must be a Regionally unique value.
+            '''The source version of the custom log source.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-customlogsource.html#cfn-securitylake-subscriber-customlogsource-sourceversion
             '''
@@ -1437,9 +1482,12 @@ class CfnSubscriber(
             aws_log_source: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnSubscriber.AwsLogSourceProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
             custom_log_source: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnSubscriber.CustomLogSourceProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         ) -> None:
-            '''
-            :param aws_log_source: Amazon Security Lake supports log and event collection for natively supported AWS services.
-            :param custom_log_source: 
+            '''Sources are logs and events generated from a single system that match a specific event class in the Open Cybersecurity Schema Framework (OCSF) schema.
+
+            Amazon Security Lake can collect logs and events from a variety of sources, including natively supported AWS services and third-party custom sources.
+
+            :param aws_log_source: The natively supported AWS service which is used a Amazon Security Lake source to collect logs and events from.
+            :param custom_log_source: The custom log source AWS which is used a Amazon Security Lake source to collect logs and events from.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-source.html
             :exampleMetadata: fixture=_generated
@@ -1475,7 +1523,7 @@ class CfnSubscriber(
         def aws_log_source(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnSubscriber.AwsLogSourceProperty"]]:
-            '''Amazon Security Lake supports log and event collection for natively supported AWS services.
+            '''The natively supported AWS service which is used a Amazon Security Lake source to collect logs and events from.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-source.html#cfn-securitylake-subscriber-source-awslogsource
             '''
@@ -1486,7 +1534,8 @@ class CfnSubscriber(
         def custom_log_source(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnSubscriber.CustomLogSourceProperty"]]:
-            '''
+            '''The custom log source AWS which is used a Amazon Security Lake source to collect logs and events from.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-source.html#cfn-securitylake-subscriber-source-customlogsource
             '''
             result = self._values.get("custom_log_source")
@@ -1515,10 +1564,10 @@ class CfnSubscriber(
             external_id: builtins.str,
             principal: builtins.str,
         ) -> None:
-            '''The AWS identity used to access your data.
+            '''Specify the AWS account ID and external ID that the subscriber will use to access source data.
 
-            :param external_id: The external ID used to establish trust relationship with the AWS identity.
-            :param principal: The AWS identity principal.
+            :param external_id: The external ID is a unique identifier that the subscriber provides to you.
+            :param principal: Principals can include accounts, users, roles, federated users, or AWS services.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-subscriberidentity.html
             :exampleMetadata: fixture=_generated
@@ -1545,7 +1594,7 @@ class CfnSubscriber(
 
         @builtins.property
         def external_id(self) -> builtins.str:
-            '''The external ID used to establish trust relationship with the AWS identity.
+            '''The external ID is a unique identifier that the subscriber provides to you.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-subscriberidentity.html#cfn-securitylake-subscriber-subscriberidentity-externalid
             '''
@@ -1555,7 +1604,7 @@ class CfnSubscriber(
 
         @builtins.property
         def principal(self) -> builtins.str:
-            '''The AWS identity principal.
+            '''Principals can include accounts, users, roles, federated users, or AWS services.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securitylake-subscriber-subscriberidentity.html#cfn-securitylake-subscriber-subscriberidentity-principal
             '''
@@ -1602,12 +1651,12 @@ class CfnSubscriberProps:
     ) -> None:
         '''Properties for defining a ``CfnSubscriber``.
 
-        :param access_types: The Amazon S3 or AWS Lake Formation access type.
-        :param data_lake_arn: The ARN for the data lake.
-        :param sources: The supported AWS services from which logs and events are collected.
+        :param access_types: You can choose to notify subscribers of new objects with an Amazon Simple Queue Service (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by the subscriber. Subscribers can consume data by directly querying AWS Lake Formation tables in your Amazon S3 bucket through services like Amazon Athena. This subscription type is defined as ``LAKEFORMATION`` .
+        :param data_lake_arn: The Amazon Resource Name (ARN) used to create the data lake.
+        :param sources: Amazon Security Lake supports log and event collection for natively supported AWS services . For more information, see the `Amazon Security Lake User Guide <https://docs.aws.amazon.com//security-lake/latest/userguide/source-management.html>`_ .
         :param subscriber_identity: The AWS identity used to access your data.
-        :param subscriber_name: The name of your Security Lake subscriber account.
-        :param subscriber_description: The description for your subscriber account in Security Lake.
+        :param subscriber_name: The name of your Amazon Security Lake subscriber account.
+        :param subscriber_description: The subscriber descriptions for a subscriber account. The description for a subscriber includes ``subscriberName`` , ``accountID`` , ``externalID`` , and ``subscriberId`` .
         :param tags: An array of objects, one for each tag to associate with the subscriber. For each tag, you must specify both a tag key and a tag value. A tag value cannot be null, but it can be an empty string.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html
@@ -1669,7 +1718,9 @@ class CfnSubscriberProps:
 
     @builtins.property
     def access_types(self) -> typing.List[builtins.str]:
-        '''The Amazon S3 or AWS Lake Formation access type.
+        '''You can choose to notify subscribers of new objects with an Amazon Simple Queue Service (Amazon SQS) queue or through messaging to an HTTPS endpoint provided by the subscriber.
+
+        Subscribers can consume data by directly querying AWS Lake Formation tables in your Amazon S3 bucket through services like Amazon Athena. This subscription type is defined as ``LAKEFORMATION`` .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html#cfn-securitylake-subscriber-accesstypes
         '''
@@ -1679,7 +1730,7 @@ class CfnSubscriberProps:
 
     @builtins.property
     def data_lake_arn(self) -> builtins.str:
-        '''The ARN for the data lake.
+        '''The Amazon Resource Name (ARN) used to create the data lake.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html#cfn-securitylake-subscriber-datalakearn
         '''
@@ -1691,7 +1742,9 @@ class CfnSubscriberProps:
     def sources(
         self,
     ) -> typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnSubscriber.SourceProperty]]]:
-        '''The supported AWS services from which logs and events are collected.
+        '''Amazon Security Lake supports log and event collection for natively supported AWS services .
+
+        For more information, see the `Amazon Security Lake User Guide <https://docs.aws.amazon.com//security-lake/latest/userguide/source-management.html>`_ .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html#cfn-securitylake-subscriber-sources
         '''
@@ -1713,7 +1766,7 @@ class CfnSubscriberProps:
 
     @builtins.property
     def subscriber_name(self) -> builtins.str:
-        '''The name of your Security Lake subscriber account.
+        '''The name of your Amazon Security Lake subscriber account.
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html#cfn-securitylake-subscriber-subscribername
         '''
@@ -1723,7 +1776,9 @@ class CfnSubscriberProps:
 
     @builtins.property
     def subscriber_description(self) -> typing.Optional[builtins.str]:
-        '''The description for your subscriber account in Security Lake.
+        '''The subscriber descriptions for a subscriber account.
+
+        The description for a subscriber includes ``subscriberName`` , ``accountID`` , ``externalID`` , and ``subscriberId`` .
 
         :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securitylake-subscriber.html#cfn-securitylake-subscriber-subscriberdescription
         '''