• EnglishEspañol日本語한국어Português
  • Log inStart now

Amazon Security Lake integration

New Relic infrastructure integrations include an integration for AWS Security Lake, allowing you to send your security log data to New Relic.

Collect and send telemetry data to New Relic from Security Lake using our integration. You can use this integration to monitor your services, query incoming data, and build dashboards to observe everything at a glance.

Activate integration

To enable this integration, set up an S3 log forwarder. We suggest using our serverless forwarder application for ease and convenience, but you can also set your own.


You have two options for Security Lake monitoring setup. You can consolidate multiple regions to avoid repeating steps, or you can set it up on a per-region basis. For more details, see managing multiple regions.


Before enabling this integration, first make sure these steps are completed for Security Lake:

  1. Complete the steps mentioned in the Amazon Security Lake Getting started guide.
  2. Complete the prerequisites to setting up a subscriber with data access by following the steps in the Security Lake subscriber guide.

Configuration steps

Here's an overview of the steps you'll be doing:

  1. Create a Security Lake subscriber.
  2. Install our dedicated Amazon Security Lake log forwarder.
  3. Find and use your log data.

Create a Security Lake subscriber

  1. Navigate to the Security Lake feature in your AWS Console.

  2. Select Subscribers, and select Create Subscriber.

  3. Give the subscriber a name and select a region.

  4. Select which log and event sources you want sent to New Relic.

  5. Fill out the remaining details as described below:



    Data access method


    Account ID

    Insert the AWS account ID where you plan on installing the New Relic-provided serverless application.

    External ID

    Insert your New Relic AccountID. For more info, see externalID

    Notification details

    SQS queue

  6. Select Create.

  7. From the Subscriber details page, copy your AWS role ID and Subscription endpoint ARN's. You will need them for the next step.

Install our Amazon Security Lake log forwarder

To install the log forwarder:

  1. Open the AWS Serverless Application Repository in your browser.
  2. Search for newrelic and check Show apps that create custom IAM roles or resource policies to find the newrelic-securitylake-s3-processor-LogForwarder.
  3. Click the newrelic-securitylake-s3-processor-LogForwarder details, and click Deploy.
  4. Copy/paste the AWS role ID ARN from the previous step into the SecurityLakeSubscriberRoleArn field.
  5. Copy/paste the Subscription endpoint ARN from the previous step into the SecurityLakeSubscriberRoleArn field.
  6. Input the ExternalID that you added in the previous step.
  7. Input your into the NRLicenseKey field.
  8. Acknowledge and select Deploy.

For more details on this, see our Amazon Security Lake log forwarder docs.

Find and use Log data

To find your logs on New Relic, go to one.newrelic.com > All capabilities > Logs and set Attributes to product.name, and then choose the log source you want.

The following log sources are currently supported:


Amazon Security Lake uses the OCSF Schema for its logs.

Here are attributes you can find in Security Lake logs:

How to use your data

To know more about how to use your data, see understand integration data.


You can set up to notify you of breaking changes. For example, an alert can be set up to notify relevant parties of critical or fatal errors.

Learn more about creating alerts.

Other AWS integrations

Read more about New Relic AWS integrations:

Copyright © 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.