# UpdateDataLake
You can use `UpdateDataLake` to specify where to store your security data, how it should be encrypted at rest and for how long. You can add a [Rollup Region](https://docs.aws.amazon.com/security-lake/latest/userguide/manage-regions.html#add-rollup-region) to consolidate data from multiple AWS Regions, replace default encryption (SSE-S3) with [Customer Manged Key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk), or specify transition and expiration actions through storage [Lifecycle management](https://docs.aws.amazon.com/security-lake/latest/userguide/lifecycle-management.html). The `UpdateDataLake` API works as an "upsert" operation that performs an insert if the specified item or record does not exist, or an update if it already exists. Security Lake securely stores your data at rest using AWS encryption solutions. For more details, see [Data protection in Amazon Security Lake](https://docs.aws.amazon.com/security-lake/latest/userguide/data-protection.html).
For example, omitting the key `encryptionConfiguration` from a Region that is included in an update call that currently uses KMS will leave that Region's KMS key in place, but specifying `encryptionConfiguration: {kmsKeyId: 'S3_MANAGED_KEY'}` for that same Region will reset the key to `S3-managed`.
For more details about lifecycle management and how to update retention settings for one or more Regions after enabling Security Lake, see the [Amazon Security Lake User Guide](https://docs.aws.amazon.com/security-lake/latest/userguide/lifecycle-management.html).
## Request Syntax
```
PUT /v1/datalake HTTP/1.1
Content-type: application/json
{
"configurations": [
{
"encryptionConfiguration": {
"kmsKeyId": "string"
},
"lifecycleConfiguration": {
"expiration": {
"days": number
},
"transitions": [
{
"days": number,
"storageClass": "string"
}
]
},
"region": "string",
"replicationConfiguration": {
"regions": [ "string" ],
"roleArn": "string"
}
}
],
"metaStoreManagerRoleArn": "string"
}
```
## URI Request Parameters
The request does not use any URI parameters.
## Request Body
The request accepts the following data in JSON format.
** [configurations](#API_UpdateDataLake_RequestSyntax) **
Specifies the Region or Regions that will contribute data to the rollup region.
Type: Array of [DataLakeConfiguration](API_DataLakeConfiguration.md) objects
Array Members: Minimum number of 1 item.
Required: Yes
** [metaStoreManagerRoleArn](#API_UpdateDataLake_RequestSyntax) **
The Amazon Resource Name (ARN) used to create and update the AWS Glue table. This table contains partitions generated by the ingestion and normalization of AWS log sources and custom sources.
Type: String
Pattern: `arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+`
Required: No
## Response Syntax
```
HTTP/1.1 200
Content-type: application/json
{
"dataLakes": [
{
"createStatus": "string",
"dataLakeArn": "string",
"encryptionConfiguration": {
"kmsKeyId": "string"
},
"lifecycleConfiguration": {
"expiration": {
"days": number
},
"transitions": [
{
"days": number,
"storageClass": "string"
}
]
},
"region": "string",
"replicationConfiguration": {
"regions": [ "string" ],
"roleArn": "string"
},
"s3BucketArn": "string",
"updateStatus": {
"exception": {
"code": "string",
"reason": "string"
},
"requestId": "string",
"status": "string"
}
}
]
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [dataLakes](#API_UpdateDataLake_ResponseSyntax) **
The created Security Lake configuration object.
Type: Array of [DataLakeResource](API_DataLakeResource.md) objects
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** AccessDeniedException **
You do not have sufficient access to perform this action. Access denied errors appear when Amazon Security Lake explicitly or implicitly denies an authorization request. An explicit denial occurs when a policy contains a Deny statement for the specific AWS action. An implicit denial occurs when there is no applicable Deny statement and also no applicable Allow statement.
** errorCode **
A coded string to provide more information about the access denied exception. You can use the error code to check the exception type.
HTTP Status Code: 403
** BadRequestException **
The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
HTTP Status Code: 400
** ConflictException **
Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
** resourceName **
The resource name.
** resourceType **
The resource type.
HTTP Status Code: 409
** InternalServerException **
Internal service exceptions are sometimes caused by transient issues. Before you start troubleshooting, perform the operation again.
HTTP Status Code: 500
** ResourceNotFoundException **
The resource could not be found.
** resourceName **
The name of the resource that could not be found.
** resourceType **
The type of the resource that could not be found.
HTTP Status Code: 404
** ThrottlingException **
The limit on the number of requests per second was exceeded.
** quotaCode **
That the rate of requests to Security Lake is exceeding the request quotas for your AWS account.
** retryAfterSeconds **
Retry the request after the specified time.
** serviceCode **
The code for the service in Service Quotas.
HTTP Status Code: 429
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/securitylake-2018-05-10/UpdateDataLake)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/securitylake-2018-05-10/UpdateDataLake)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/securitylake-2018-05-10/UpdateDataLake)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/securitylake-2018-05-10/UpdateDataLake)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/securitylake-2018-05-10/UpdateDataLake)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/securitylake-2018-05-10/UpdateDataLake)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/securitylake-2018-05-10/UpdateDataLake)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/securitylake-2018-05-10/UpdateDataLake)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/securitylake-2018-05-10/UpdateDataLake)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/securitylake-2018-05-10/UpdateDataLake)