diff --git a/.changelog/36268.txt b/.changelog/36268.txt
new file mode 100644
index 000000000000..d844c7157551
--- /dev/null
+++ b/.changelog/36268.txt
@@ -0,0 +1,31 @@
+```release-note:bug
+resource/aws_securitylake_subscriber: Allow more than one log source
+```
+
+```release-note:bug
+resource/aws_securitylake_aws_log_source: Correctly handles unspecified `source_version`
+```
+
+```release-note:bug
+resource/aws_securitylake_aws_log_source: Prevents errors when creating multiple log sources concurrently
+```
+
+```release-note:bug
+resource/aws_securitylake_custom_log_source: Validates length of `source_name` parameter
+```
+
+```release-note:bug
+resource/aws_securitylake_custom_log_source: Prevents errors when creating multiple log sources concurrently
+```
+
+```release-note:bug
+resource/aws_securitylake_subscriber: Correctly handles unspecified `access_type`
+```
+
+```release-note:bug
+resource/aws_securitylake_subscriber: Correctly requires `source_name` parameter for `aws_log_source_resource` and `custom_log_source_resource`
+```
+
+```release-note:bug
+resource/aws_securitylake_subscriber: Correctly handles unspecified `source_version` parameter for `aws_log_source_resource` and `custom_log_source_resource`
+```
diff --git a/internal/service/securitylake/aws_log_source.go b/internal/service/securitylake/aws_log_source.go
index 728b7e195f17..fbc0227e6d4a 100644
--- a/internal/service/securitylake/aws_log_source.go
+++ b/internal/service/securitylake/aws_log_source.go
@@ -117,7 +117,9 @@ func (r *awsLogSourceResource) Create(ctx context.Context, request resource.Crea
 		return
 	}
 
-	_, err := conn.CreateAwsLogSource(ctx, input)
+	_, err := retryDataLakeConflictWithMutex(ctx, func() (*securitylake.CreateAwsLogSourceOutput, error) {
+		return conn.CreateAwsLogSource(ctx, input)
+	})
 
 	if err != nil {
 		response.Diagnostics.AddError("creating Security Lake AWS Log Source", err.Error())
@@ -144,6 +146,7 @@ func (r *awsLogSourceResource) Create(ctx context.Context, request resource.Crea
 
 	sourceData.Accounts.SetValue = fwflex.FlattenFrameworkStringValueSet(ctx, logSource.Accounts)
 	sourceData.SourceVersion = fwflex.StringToFramework(ctx, logSource.SourceVersion)
+	data.Source = fwtypes.NewListNestedObjectValueOfPtrMust(ctx, sourceData)
 
 	response.Diagnostics.Append(response.State.Set(ctx, data)...)
 }
@@ -212,7 +215,9 @@ func (r *awsLogSourceResource) Delete(ctx context.Context, request resource.Dele
 		input.Sources = []awstypes.AwsLogSourceConfiguration{*logSource}
 	}
 
-	_, err := conn.DeleteAwsLogSource(ctx, input)
+	_, err := retryDataLakeConflictWithMutex(ctx, func() (*securitylake.DeleteAwsLogSourceOutput, error) {
+		return conn.DeleteAwsLogSource(ctx, input)
+	})
 
 	if errs.IsA[*awstypes.ResourceNotFoundException](err) {
 		return
diff --git a/internal/service/securitylake/aws_log_source_test.go b/internal/service/securitylake/aws_log_source_test.go
index 94ce12ea42ba..b7a6468f9f94 100644
--- a/internal/service/securitylake/aws_log_source_test.go
+++ b/internal/service/securitylake/aws_log_source_test.go
@@ -11,6 +11,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/securitylake/types"
 	sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
 	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
@@ -28,6 +29,7 @@ func testAccAWSLogSource_basic(t *testing.T) {
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -35,6 +37,54 @@ func testAccAWSLogSource_basic(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: testAccAWSLogSourceConfig_basic(),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSLogSourceExists(ctx, resourceName, &logSource),
+					resource.TestCheckResourceAttr(resourceName, "source.#", "1"),
+					resource.TestCheckResourceAttrSet(resourceName, "source.0.accounts.#"),
+					acctest.CheckResourceAttrAccountID(resourceName, "source.0.accounts.0"),
+					func(s *terraform.State) error {
+						return resource.TestCheckTypeSetElemAttr(resourceName, "source.0.accounts.*", acctest.AccountID())(s)
+					},
+					resource.TestCheckResourceAttr(resourceName, "source.0.regions.#", "1"),
+					resource.TestCheckTypeSetElemAttr(resourceName, "source.0.regions.*", acctest.Region()),
+					resource.TestCheckResourceAttr(resourceName, "source.0.source_name", "ROUTE53"),
+					resource.TestCheckResourceAttr(resourceName, "source.0.source_version", "2.0"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccAWSLogSourceConfig_sourceVersion("2.0"),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectEmptyPlan(),
+					},
+				},
+			},
+		},
+	})
+}
+
+func testAccAWSLogSource_sourceVersion(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_securitylake_aws_log_source.test"
+	var logSource types.AwsLogSourceConfiguration
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckAWSLogSourceDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSLogSourceConfig_sourceVersion("1.0"),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckAWSLogSourceExists(ctx, resourceName, &logSource),
 					resource.TestCheckResourceAttr(resourceName, "source.#", "1"),
@@ -50,6 +100,23 @@ func testAccAWSLogSource_basic(t *testing.T) {
 				ImportState:       true,
 				ImportStateVerify: true,
 			},
+			{
+				Config: testAccAWSLogSourceConfig_sourceVersion("2.0"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSLogSourceExists(ctx, resourceName, &logSource),
+					resource.TestCheckResourceAttr(resourceName, "source.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "source.0.accounts.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "source.0.regions.#", "1"),
+					resource.TestCheckTypeSetElemAttr(resourceName, "source.0.regions.*", acctest.Region()),
+					resource.TestCheckResourceAttr(resourceName, "source.0.source_name", "ROUTE53"),
+					resource.TestCheckResourceAttr(resourceName, "source.0.source_version", "2.0"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -64,9 +131,11 @@ func testAccAWSLogSource_multiRegion(t *testing.T) {
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
+			acctest.PreCheckMultipleRegion(t, 2)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
-		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		ProtoV5ProviderFactories: acctest.ProtoV5FactoriesAlternate(ctx, t),
 		CheckDestroy:             testAccCheckAWSLogSourceDestroy(ctx),
 		Steps: []resource.TestStep{
 			{
@@ -78,8 +147,6 @@ func testAccAWSLogSource_multiRegion(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "source.0.regions.#", "2"),
 					resource.TestCheckTypeSetElemAttr(resourceName, "source.0.regions.*", acctest.Region()),
 					resource.TestCheckTypeSetElemAttr(resourceName, "source.0.regions.*", acctest.AlternateRegion()),
-					resource.TestCheckResourceAttr(resourceName, "source.0.source_name", "ROUTE53"),
-					resource.TestCheckResourceAttr(resourceName, "source.0.source_version", "1.0"),
 				),
 			},
 			{
@@ -100,7 +167,7 @@ func testAccAWSLogSource_disappears(t *testing.T) {
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -118,6 +185,46 @@ func testAccAWSLogSource_disappears(t *testing.T) {
 	})
 }
 
+func testAccAWSLogSource_multiple(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_securitylake_aws_log_source.test"
+	resourceName2 := "aws_securitylake_aws_log_source.test2"
+	var logSource, logSource2 types.AwsLogSourceConfiguration
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckAWSLogSourceDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSLogSourceConfig_multiple(),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSLogSourceExists(ctx, resourceName, &logSource),
+					testAccCheckAWSLogSourceExists(ctx, resourceName2, &logSource2),
+
+					resource.TestCheckResourceAttr(resourceName, "source.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "source.0.source_name", "ROUTE53"),
+					resource.TestCheckResourceAttr(resourceName, "source.0.source_version", "2.0"),
+
+					resource.TestCheckResourceAttr(resourceName2, "source.#", "1"),
+					resource.TestCheckResourceAttr(resourceName2, "source.0.source_name", "S3_DATA"),
+					resource.TestCheckResourceAttr(resourceName2, "source.0.source_version", "2.0"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccCheckAWSLogSourceDestroy(ctx context.Context) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		conn := acctest.Provider.Meta().(*conns.AWSClient).SecurityLakeClient(ctx)
@@ -166,34 +273,81 @@ func testAccCheckAWSLogSourceExists(ctx context.Context, n string, v *types.AwsL
 }
 
 func testAccAWSLogSourceConfig_basic() string {
-	return acctest.ConfigCompose(testAccDataLakeConfig_basic(), fmt.Sprintf(`
-data "aws_caller_identity" "test" {}
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), `
+resource "aws_securitylake_aws_log_source" "test" {
+  source {
+    accounts    = [data.aws_caller_identity.current.account_id]
+    regions     = [data.aws_region.current.name]
+    source_name = "ROUTE53"
+  }
+  depends_on = [aws_securitylake_data_lake.test]
+}
+
+data "aws_region" "current" {}
+`)
+}
 
+func testAccAWSLogSourceConfig_sourceVersion(version string) string {
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
 resource "aws_securitylake_aws_log_source" "test" {
   source {
-    accounts       = [data.aws_caller_identity.test.account_id]
-    regions        = [%[1]q]
+    accounts       = [data.aws_caller_identity.current.account_id]
+    regions        = [data.aws_region.current.name]
     source_name    = "ROUTE53"
-    source_version = "1.0"
+    source_version = %[1]q
   }
   depends_on = [aws_securitylake_data_lake.test]
 }
-`, acctest.Region()))
+
+data "aws_region" "current" {}
+`, version))
 }
 
 func testAccAWSLogSourceConfig_multiRegion(rName string) string {
-	return acctest.ConfigCompose(testAccDataLakeConfig_replication(rName), fmt.Sprintf(`
-data "aws_caller_identity" "test" {}
-
+	return acctest.ConfigCompose(
+		acctest.ConfigMultipleRegionProvider(2),
+		testAccDataLakeConfig_replication(rName), `
 resource "aws_securitylake_aws_log_source" "test" {
   source {
-    accounts       = [data.aws_caller_identity.test.account_id]
-    regions        = [%[1]q, %[2]q]
-    source_name    = "ROUTE53"
-    source_version = "1.0"
+    accounts    = [data.aws_caller_identity.current.account_id]
+    regions     = [data.aws_region.current.name, data.aws_region.alternate.name]
+    source_name = "ROUTE53"
   }
 
   depends_on = [aws_securitylake_data_lake.test, aws_securitylake_data_lake.region_2]
 }
-`, acctest.Region(), acctest.AlternateRegion()))
+
+data "aws_region" "current" {}
+
+data "aws_region" "alternate" {
+  provider = awsalternate
+}
+`)
+}
+
+func testAccAWSLogSourceConfig_multiple() string {
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), `
+resource "aws_securitylake_aws_log_source" "test" {
+  source {
+    accounts    = [data.aws_caller_identity.current.account_id]
+    regions     = [data.aws_region.current.name]
+    source_name = "ROUTE53"
+  }
+  depends_on = [aws_securitylake_data_lake.test]
+}
+
+resource "aws_securitylake_aws_log_source" "test2" {
+  source {
+    accounts    = [data.aws_caller_identity.current.account_id]
+    regions     = [data.aws_region.current.name]
+    source_name = "S3_DATA"
+  }
+  depends_on = [aws_securitylake_data_lake.test]
+}
+
+data "aws_region" "current" {}
+`)
 }
diff --git a/internal/service/securitylake/custom_log_source.go b/internal/service/securitylake/custom_log_source.go
index f02536097fc3..a374ef0615fc 100644
--- a/internal/service/securitylake/custom_log_source.go
+++ b/internal/service/securitylake/custom_log_source.go
@@ -11,6 +11,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/securitylake"
 	awstypes "github.com/aws/aws-sdk-go-v2/service/securitylake/types"
 	"github.com/hashicorp/terraform-plugin-framework-validators/listvalidator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
 	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
@@ -88,6 +89,9 @@ func (r *customLogSourceResource) Schema(ctx context.Context, request resource.S
 			},
 			"source_name": schema.StringAttribute{
 				Required: true,
+				Validators: []validator.String{
+					stringvalidator.LengthAtMost(20),
+				},
 				PlanModifiers: []planmodifier.String{
 					stringplanmodifier.RequiresReplace(),
 				},
@@ -184,7 +188,9 @@ func (r *customLogSourceResource) Create(ctx context.Context, request resource.C
 		return
 	}
 
-	output, err := conn.CreateCustomLogSource(ctx, input)
+	output, err := retryDataLakeConflictWithMutex(ctx, func() (*securitylake.CreateCustomLogSourceOutput, error) {
+		return conn.CreateCustomLogSource(ctx, input)
+	})
 
 	if err != nil {
 		response.Diagnostics.AddError("creating Security Lake Custom Log Source", err.Error())
@@ -266,7 +272,9 @@ func (r *customLogSourceResource) Delete(ctx context.Context, request resource.D
 		return
 	}
 
-	_, err := conn.DeleteCustomLogSource(ctx, input)
+	_, err := retryDataLakeConflictWithMutex(ctx, func() (*securitylake.DeleteCustomLogSourceOutput, error) {
+		return conn.DeleteCustomLogSource(ctx, input)
+	})
 
 	if errs.IsA[*awstypes.ResourceNotFoundException](err) {
 		return
diff --git a/internal/service/securitylake/custom_log_source_test.go b/internal/service/securitylake/custom_log_source_test.go
index 1033236350d6..95bfa7bc0db9 100644
--- a/internal/service/securitylake/custom_log_source_test.go
+++ b/internal/service/securitylake/custom_log_source_test.go
@@ -6,14 +6,18 @@ package securitylake_test
 import (
 	"context"
 	"fmt"
+	"strings"
 	"testing"
 
+	"github.com/YakDriver/regexache"
 	"github.com/aws/aws-sdk-go-v2/service/securitylake/types"
+	sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
 	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	tfsecuritylake "github.com/hashicorp/terraform-provider-aws/internal/service/securitylake"
+	"github.com/hashicorp/terraform-provider-aws/internal/slices"
 	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
@@ -21,30 +25,186 @@ import (
 func testAccCustomLogSource_basic(t *testing.T) {
 	ctx := acctest.Context(t)
 	resourceName := "aws_securitylake_custom_log_source.test"
+	rName := randomCustomLogSourceName()
 	var customLogSource types.CustomLogSourceResource
 
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
 		CheckDestroy:             testAccCheckCustomLogSourceDestroy(ctx),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccCustomLogSourceConfig_basic(),
+				Config: testAccCustomLogSourceConfig_basic(rName),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckCustomLogSourceExists(ctx, resourceName, &customLogSource),
+					resource.TestCheckResourceAttr(resourceName, "attributes.#", "1"),
+					acctest.CheckResourceAttrRegionalARN(resourceName, "attributes.0.crawler_arn", "glue", fmt.Sprintf("crawler/%s", rName)),
+					acctest.CheckResourceAttrRegionalARN(resourceName, "attributes.0.database_arn", "glue", fmt.Sprintf("database/amazon_security_lake_glue_db_%s", strings.Replace(acctest.Region(), "-", "_", -1))),
+					acctest.CheckResourceAttrRegionalARN(resourceName, "attributes.0.table_arn", "glue", fmt.Sprintf("table/amazon_security_lake_table_%s_ext_%s", strings.Replace(acctest.Region(), "-", "_", -1), strings.Replace(rName, "-", "_", -1))),
 					resource.TestCheckResourceAttr(resourceName, "configuration.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "configuration.0.crawler_configuration.#", "1"),
 					resource.TestCheckResourceAttrPair(resourceName, "configuration.0.crawler_configuration.0.role_arn", "aws_iam_role.test", "arn"),
 					resource.TestCheckResourceAttr(resourceName, "configuration.0.provider_identity.#", "1"),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.provider_identity.0.external_id", "windows-sysmon-test"),
+					resource.TestCheckResourceAttr(resourceName, "configuration.0.provider_identity.0.external_id", fmt.Sprintf("%s-test", rName)),
+					resource.TestCheckNoResourceAttr(resourceName, "event_classes"),
+					resource.TestCheckResourceAttr(resourceName, "provider_details.#", "1"),
+					resource.TestMatchResourceAttr(resourceName, "provider_details.0.location", regexache.MustCompile(fmt.Sprintf(`^s3://aws-security-data-lake-%s-[a-z0-9]{30}/ext/%s/$`, acctest.Region(), rName))),
+					acctest.CheckResourceAttrGlobalARN(resourceName, "provider_details.0.role_arn", "iam", fmt.Sprintf("role/AmazonSecurityLake-Provider-%s-%s", rName, acctest.Region())),
+					resource.TestCheckResourceAttr(resourceName, "source_name", rName),
+					resource.TestCheckNoResourceAttr(resourceName, "source_version"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"configuration"},
+			},
+		},
+	})
+}
+
+func testAccCustomLogSource_sourceVersion(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_securitylake_custom_log_source.test"
+	rName := randomCustomLogSourceName()
+	var customLogSource types.CustomLogSourceResource
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckCustomLogSourceDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCustomLogSourceConfig_sourceVersion(rName, "1.5"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckCustomLogSourceExists(ctx, resourceName, &customLogSource),
+					resource.TestCheckResourceAttr(resourceName, "source_version", "1.5"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"configuration"},
+			},
+			{
+				Config: testAccCustomLogSourceConfig_sourceVersion(rName, "2.5"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckCustomLogSourceExists(ctx, resourceName, &customLogSource),
+					resource.TestCheckResourceAttr(resourceName, "source_version", "2.5"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"configuration"},
+			},
+		},
+	})
+}
+
+func testAccCustomLogSource_multiple(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_securitylake_custom_log_source.test"
+	resourceName2 := "aws_securitylake_custom_log_source.test2"
+	rName := randomCustomLogSourceName()
+	rName2 := randomCustomLogSourceName()
+	var customLogSource, customLogSource2 types.CustomLogSourceResource
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckCustomLogSourceDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCustomLogSourceConfig_multiple(rName, rName2),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckCustomLogSourceExists(ctx, resourceName, &customLogSource),
+					testAccCheckCustomLogSourceExists(ctx, resourceName2, &customLogSource2),
+
+					resource.TestCheckResourceAttr(resourceName, "source_name", rName),
+
+					resource.TestCheckResourceAttr(resourceName2, "source_name", rName2),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"configuration"},
+			},
+		},
+	})
+}
+
+func testAccCustomLogSource_eventClasses(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_securitylake_custom_log_source.test"
+	rName := randomCustomLogSourceName()
+	var customLogSource types.CustomLogSourceResource
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckCustomLogSourceDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCustomLogSourceConfig_eventClasses(rName, "FILE_ACTIVITY"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckCustomLogSourceExists(ctx, resourceName, &customLogSource),
 					resource.TestCheckResourceAttr(resourceName, "event_classes.#", "1"),
 					resource.TestCheckTypeSetElemAttr(resourceName, "event_classes.*", "FILE_ACTIVITY"),
-					resource.TestCheckResourceAttr(resourceName, "source_name", "windows-sysmon"),
-					resource.TestCheckResourceAttr(resourceName, "source_version", "1.0"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"configuration", "event_classes"},
+			},
+			{
+				Config: testAccCustomLogSourceConfig_eventClasses(rName, "MEMORY_ACTIVITY", "FILE_ACTIVITY"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckCustomLogSourceExists(ctx, resourceName, &customLogSource),
+					resource.TestCheckResourceAttr(resourceName, "event_classes.#", "2"),
+					resource.TestCheckTypeSetElemAttr(resourceName, "event_classes.*", "MEMORY_ACTIVITY"),
+					resource.TestCheckTypeSetElemAttr(resourceName, "event_classes.*", "FILE_ACTIVITY"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"configuration", "event_classes"},
+			},
+			{
+				Config: testAccCustomLogSourceConfig_eventClasses(rName, "MEMORY_ACTIVITY"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckCustomLogSourceExists(ctx, resourceName, &customLogSource),
+					resource.TestCheckResourceAttr(resourceName, "event_classes.#", "1"),
+					resource.TestCheckTypeSetElemAttr(resourceName, "event_classes.*", "MEMORY_ACTIVITY"),
 				),
 			},
 			{
@@ -60,20 +220,21 @@ func testAccCustomLogSource_basic(t *testing.T) {
 func testAccCustomLogSource_disappears(t *testing.T) {
 	ctx := acctest.Context(t)
 	resourceName := "aws_securitylake_custom_log_source.test"
+	rName := randomCustomLogSourceName()
 	var customLogSource types.CustomLogSourceResource
 
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
 		CheckDestroy:             testAccCheckCustomLogSourceDestroy(ctx),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccCustomLogSourceConfig_basic(),
+				Config: testAccCustomLogSourceConfig_basic(rName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCustomLogSourceExists(ctx, resourceName, &customLogSource),
 					acctest.CheckFrameworkResourceDisappears(ctx, acctest.Provider, tfsecuritylake.ResourceCustomLogSource, resourceName),
@@ -84,6 +245,10 @@ func testAccCustomLogSource_disappears(t *testing.T) {
 	})
 }
 
+func randomCustomLogSourceName() string {
+	return fmt.Sprintf("%s-%s", acctest.ResourcePrefix, sdkacctest.RandString(20-(len(acctest.ResourcePrefix)+1)))
+}
+
 func testAccCheckCustomLogSourceDestroy(ctx context.Context) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		conn := acctest.Provider.Meta().(*conns.AWSClient).SecurityLakeClient(ctx)
@@ -131,10 +296,93 @@ func testAccCheckCustomLogSourceExists(ctx context.Context, n string, v *types.C
 	}
 }
 
-func testAccCustomLogSourceConfig_basic() string {
-	return acctest.ConfigCompose(testAccDataLakeConfig_basic(), `
+func testAccCustomLogSourceConfig_basic(rName string) string {
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
+resource "aws_securitylake_custom_log_source" "test" {
+  source_name = %[1]q
+
+  configuration {
+    crawler_configuration {
+      role_arn = aws_iam_role.test.arn
+    }
+
+    provider_identity {
+      external_id = "%[1]s-test"
+      principal   = data.aws_caller_identity.current.account_id
+    }
+  }
+
+  depends_on = [aws_securitylake_data_lake.test, aws_iam_role.test]
+}
+
+resource "aws_iam_role" "test" {
+  name = %[1]q
+  path = "/service-role/"
+
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Action": "sts:AssumeRole",
+    "Principal": {
+      "Service": "glue.amazonaws.com"
+    },
+    "Effect": "Allow"
+  }]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy" "test" {
+  name = %[1]q
+  role = aws_iam_role.test.name
+
+  policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Effect": "Allow",
+    "Action": [
+      "s3:GetObject",
+      "s3:PutObject"
+    ],
+    "Resource": "*"
+  }]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "test" {
+  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSGlueServiceRole"
+  role       = aws_iam_role.test.name
+}
+`, rName))
+}
+
+func testAccCustomLogSourceConfig_sourceVersion(rName, version string) string {
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
+resource "aws_securitylake_custom_log_source" "test" {
+  source_name    = %[1]q
+  source_version = %[2]q
+
+  configuration {
+    crawler_configuration {
+      role_arn = aws_iam_role.test.arn
+    }
+
+    provider_identity {
+      external_id = "%[1]s-test"
+      principal   = data.aws_caller_identity.current.account_id
+    }
+  }
+
+  depends_on = [aws_securitylake_data_lake.test, aws_iam_role.test]
+}
+
 resource "aws_iam_role" "test" {
-  name = "AmazonSecurityLakeCustomDataGlueCrawler-windows-sysmon"
+  name = %[1]q
   path = "/service-role/"
 
   assume_role_policy = <<POLICY
@@ -152,7 +400,7 @@ POLICY
 }
 
 resource "aws_iam_role_policy" "test" {
-  name = "AmazonSecurityLakeCustomDataGlueCrawler-windows-sysmon"
+  name = %[1]q
   role = aws_iam_role.test.name
 
   policy = <<POLICY
@@ -168,19 +416,88 @@ resource "aws_iam_role_policy" "test" {
   }]
 }
 POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "test" {
+  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSGlueServiceRole"
+  role       = aws_iam_role.test.name
+}
+`, rName, version))
+}
+
+func testAccCustomLogSourceConfig_eventClasses(rName string, eventClasses ...string) string {
+	eventClasses = slices.ApplyToAll(eventClasses, func(s string) string {
+		return fmt.Sprintf(`"%s"`, s)
+	})
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
+resource "aws_securitylake_custom_log_source" "test" {
+  source_name   = %[1]q
+  event_classes = [%[2]s]
+
+  configuration {
+    crawler_configuration {
+      role_arn = aws_iam_role.test.arn
+    }
+
+    provider_identity {
+      external_id = "%[1]s-test"
+      principal   = data.aws_caller_identity.current.account_id
+    }
+  }
+
+  depends_on = [aws_securitylake_data_lake.test, aws_iam_role.test]
+}
+
+resource "aws_iam_role" "test" {
+  name = %[1]q
+  path = "/service-role/"
+
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Action": "sts:AssumeRole",
+    "Principal": {
+      "Service": "glue.amazonaws.com"
+    },
+    "Effect": "Allow"
+  }]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy" "test" {
+  name = %[1]q
+  role = aws_iam_role.test.name
 
-  depends_on = [aws_securitylake_data_lake.test]
+  policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Effect": "Allow",
+    "Action": [
+      "s3:GetObject",
+      "s3:PutObject"
+    ],
+    "Resource": "*"
+  }]
+}
+POLICY
 }
 
 resource "aws_iam_role_policy_attachment" "test" {
   policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSGlueServiceRole"
   role       = aws_iam_role.test.name
 }
+`, rName, strings.Join(eventClasses, ", ")))
+}
 
+func testAccCustomLogSourceConfig_multiple(rName, rName2 string) string {
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
 resource "aws_securitylake_custom_log_source" "test" {
-  source_name    = "windows-sysmon"
-  source_version = "1.0"
-  event_classes  = ["FILE_ACTIVITY"]
+  source_name = %[1]q
 
   configuration {
     crawler_configuration {
@@ -188,12 +505,71 @@ resource "aws_securitylake_custom_log_source" "test" {
     }
 
     provider_identity {
-      external_id = "windows-sysmon-test"
+      external_id = "%[1]s-test"
       principal   = data.aws_caller_identity.current.account_id
     }
   }
 
   depends_on = [aws_securitylake_data_lake.test, aws_iam_role.test]
 }
-`)
+
+resource "aws_securitylake_custom_log_source" "test2" {
+  source_name = %[2]q
+
+  configuration {
+    crawler_configuration {
+      role_arn = aws_iam_role.test.arn
+    }
+
+    provider_identity {
+      external_id = "%[2]s-test"
+      principal   = data.aws_caller_identity.current.account_id
+    }
+  }
+
+  depends_on = [aws_securitylake_data_lake.test, aws_iam_role.test]
+}
+
+resource "aws_iam_role" "test" {
+  name = %[1]q
+  path = "/service-role/"
+
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Action": "sts:AssumeRole",
+    "Principal": {
+      "Service": "glue.amazonaws.com"
+    },
+    "Effect": "Allow"
+  }]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy" "test" {
+  name = %[1]q
+  role = aws_iam_role.test.name
+
+  policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Effect": "Allow",
+    "Action": [
+      "s3:GetObject",
+      "s3:PutObject"
+    ],
+    "Resource": "*"
+  }]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "test" {
+  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSGlueServiceRole"
+  role       = aws_iam_role.test.name
+}
+`, rName, rName2))
 }
diff --git a/internal/service/securitylake/data_lake.go b/internal/service/securitylake/data_lake.go
index f74c1b28507a..cb590849a6f9 100644
--- a/internal/service/securitylake/data_lake.go
+++ b/internal/service/securitylake/data_lake.go
@@ -24,6 +24,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/enum"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs/fwdiag"
@@ -36,6 +37,8 @@ import (
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
+const dataLakeMutexKey = "aws_securitylake_data_lake"
+
 // @FrameworkResource(name="Data Lake")
 // @Tags(identifierAttribute="arn")
 func newDataLakeResource(context.Context) (resource.ResourceWithConfigure, error) {
@@ -190,7 +193,9 @@ func (r *dataLakeResource) Create(ctx context.Context, request resource.CreateRe
 	// Additional fields.
 	input.Tags = getTagsIn(ctx)
 
-	output, err := conn.CreateDataLake(ctx, input)
+	output, err := retryDataLakeConflictWithMutex(ctx, func() (*securitylake.CreateDataLakeOutput, error) {
+		return conn.CreateDataLake(ctx, input)
+	})
 
 	if err != nil {
 		response.Diagnostics.AddError("creating Security Lake Data Lake", err.Error())
@@ -294,7 +299,9 @@ func (r *dataLakeResource) Update(ctx context.Context, request resource.UpdateRe
 			return
 		}
 
-		_, err := conn.UpdateDataLake(ctx, input)
+		_, err := retryDataLakeConflictWithMutex(ctx, func() (*securitylake.UpdateDataLakeOutput, error) {
+			return conn.UpdateDataLake(ctx, input)
+		})
 
 		if err != nil {
 			response.Diagnostics.AddError(fmt.Sprintf("updating Security Lake Data Lake (%s)", new.ID.ValueString()), err.Error())
@@ -321,15 +328,13 @@ func (r *dataLakeResource) Delete(ctx context.Context, request resource.DeleteRe
 
 	conn := r.Meta().SecurityLakeClient(ctx)
 
-	// "ConflictException: The request failed because your Security Lake configuration or resources are currently being updated. Wait a few minutes and then try again."
-	const (
-		timeout = 2 * time.Minute
-	)
-	_, err := tfresource.RetryWhenIsAErrorMessageContains[*awstypes.ConflictException](ctx, timeout, func() (interface{}, error) {
-		return conn.DeleteDataLake(ctx, &securitylake.DeleteDataLakeInput{
-			Regions: []string{errs.Must(regionFromARNString(data.ID.ValueString()))},
-		})
-	}, "Wait a few minutes and then try again")
+	input := &securitylake.DeleteDataLakeInput{
+		Regions: []string{errs.Must(regionFromARNString(data.ID.ValueString()))},
+	}
+
+	_, err := retryDataLakeConflictWithMutex(ctx, func() (*securitylake.DeleteDataLakeOutput, error) {
+		return conn.DeleteDataLake(ctx, input)
+	})
 
 	// No data lake:
 	// "An error occurred (AccessDeniedException) when calling the DeleteDataLake operation: User: ... is not authorized to perform: securitylake:DeleteDataLake", or
@@ -565,3 +570,20 @@ type dataLakeReplicationConfigurationModel struct {
 	Regions fwtypes.SetValueOf[types.String] `tfsdk:"regions"`
 	RoleARN fwtypes.ARN                      `tfsdk:"role_arn"`
 }
+
+func retryDataLakeConflictWithMutex[T any](ctx context.Context, f func() (T, error)) (T, error) {
+	conns.GlobalMutexKV.Lock(dataLakeMutexKey)
+	defer conns.GlobalMutexKV.Unlock(dataLakeMutexKey)
+
+	const dataLakeTimeout = 2 * time.Minute
+
+	raw, err := tfresource.RetryWhenIsA[*awstypes.ConflictException](ctx, dataLakeTimeout, func() (any, error) {
+		return f()
+	})
+	if err != nil {
+		var zero T
+		return zero, err
+	}
+
+	return raw.(T), err
+}
diff --git a/internal/service/securitylake/data_lake_test.go b/internal/service/securitylake/data_lake_test.go
index 9b074d69abf3..31119d1d4d85 100644
--- a/internal/service/securitylake/data_lake_test.go
+++ b/internal/service/securitylake/data_lake_test.go
@@ -28,7 +28,7 @@ func testAccDataLake_basic(t *testing.T) {
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -68,7 +68,7 @@ func testAccDataLake_disappears(t *testing.T) {
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -95,7 +95,7 @@ func testAccDataLake_tags(t *testing.T) {
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -146,7 +146,7 @@ func testAccDataLake_lifeCycle(t *testing.T) {
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -190,7 +190,7 @@ func testAccDataLake_lifeCycleUpdate(t *testing.T) {
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -256,7 +256,7 @@ func testAccDataLake_replication(t *testing.T) {
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 			acctest.PreCheckMultipleRegion(t, 2)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
diff --git a/internal/service/securitylake/exports_test.go b/internal/service/securitylake/exports_test.go
index ef78744db8ca..dcff7c43d354 100644
--- a/internal/service/securitylake/exports_test.go
+++ b/internal/service/securitylake/exports_test.go
@@ -14,6 +14,7 @@ var (
 	FindAWSLogSourceBySourceName           = findAWSLogSourceBySourceName
 	FindCustomLogSourceBySourceName        = findCustomLogSourceBySourceName
 	FindDataLakeByARN                      = findDataLakeByARN
+	FindDataLakes                          = findDataLakes
 	FindSubscriberByID                     = findSubscriberByID
 	FindSubscriberNotificationByEndPointID = findSubscriberNotificationByEndPointID
 )
diff --git a/internal/service/securitylake/securitylake_test.go b/internal/service/securitylake/securitylake_test.go
index 1d339fa2da26..d47b3aee43ad 100644
--- a/internal/service/securitylake/securitylake_test.go
+++ b/internal/service/securitylake/securitylake_test.go
@@ -4,23 +4,42 @@
 package securitylake_test
 
 import (
+	"context"
 	"testing"
 
+	"github.com/aws/aws-sdk-go-v2/service/securitylake"
+	awstypes "github.com/aws/aws-sdk-go-v2/service/securitylake/types"
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/hashicorp/aws-sdk-go-base/v2/tfawserr"
 	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	tforganizations "github.com/hashicorp/terraform-provider-aws/internal/service/organizations"
+	tfsecuritylake "github.com/hashicorp/terraform-provider-aws/internal/service/securitylake"
+	tfsts "github.com/hashicorp/terraform-provider-aws/internal/service/sts"
+	"github.com/hashicorp/terraform-provider-aws/internal/slices"
+	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 )
 
+// Prerequisite: the current account must be either:
+// * not a member of an organization
+// * a delegated Security Lake administrator account
 func TestAccSecurityLake_serial(t *testing.T) {
 	t.Parallel()
 
 	testCases := map[string]map[string]func(t *testing.T){
 		"AWSLogSource": {
-			"basic":       testAccAWSLogSource_basic,
-			"disappears":  testAccAWSLogSource_disappears,
-			"multiRegion": testAccAWSLogSource_multiRegion,
+			"basic":         testAccAWSLogSource_basic,
+			"disappears":    testAccAWSLogSource_disappears,
+			"multiple":      testAccAWSLogSource_multiple,
+			"multiRegion":   testAccAWSLogSource_multiRegion,
+			"sourceVersion": testAccAWSLogSource_sourceVersion,
 		},
 		"CustomLogSource": {
-			"basic":      testAccCustomLogSource_basic,
-			"disappears": testAccCustomLogSource_disappears,
+			"basic":         testAccCustomLogSource_basic,
+			"disappears":    testAccCustomLogSource_disappears,
+			"eventClasses":  testAccCustomLogSource_eventClasses,
+			"multiple":      testAccCustomLogSource_multiple,
+			"sourceVersion": testAccCustomLogSource_sourceVersion,
 		},
 		"DataLake": {
 			"basic":           testAccDataLake_basic,
@@ -31,11 +50,14 @@ func TestAccSecurityLake_serial(t *testing.T) {
 			"replication":     testAccDataLake_replication,
 		},
 		"Subscriber": {
-			"basic":      testAccSubscriber_basic,
-			"customLogs": testAccSubscriber_customLogSource,
-			"disappears": testAccSubscriber_disappears,
-			"tags":       testAccSubscriber_tags,
-			"updated":    testAccSubscriber_update,
+			"accessType":      testAccSubscriber_accessType,
+			"basic":           testAccSubscriber_basic,
+			"customLogs":      testAccSubscriber_customLogSource,
+			"disappears":      testAccSubscriber_disappears,
+			"multipleSources": testAccSubscriber_multipleSources,
+			"tags":            testAccSubscriber_tags,
+			"updated":         testAccSubscriber_update,
+			"migrateSource":   testAccSubscriber_migrate_source,
 		},
 		"SubscriberNotification": {
 			"basic":      testAccSubscriberNotification_basic,
@@ -47,3 +69,39 @@ func TestAccSecurityLake_serial(t *testing.T) {
 
 	acctest.RunSerialTests2Levels(t, testCases, 0)
 }
+
+// testAccPreCheck validates that the current account is either
+// * not a member of an organization
+// * a member of an organization and is the delegated Security Lake administrator account
+func testAccPreCheck(ctx context.Context, t *testing.T) {
+	t.Helper()
+
+	awsClient := acctest.Provider.Meta().(*conns.AWSClient)
+
+	organization, err := tforganizations.FindOrganization(ctx, awsClient.OrganizationsConn(ctx))
+
+	// Not a member of an organization
+	if tfresource.NotFound(err) {
+		return
+	}
+
+	callerIdentity, err := tfsts.FindCallerIdentity(ctx, awsClient.STSClient(ctx))
+
+	if err != nil {
+		t.Fatalf("getting current identity: %s", err)
+	}
+
+	if aws.StringValue(organization.MasterAccountId) == aws.StringValue(callerIdentity.Account) {
+		t.Skip("this AWS account must not be the management account of an AWS Organization")
+	}
+
+	_, err = tfsecuritylake.FindDataLakes(ctx, awsClient.SecurityLakeClient(ctx), &securitylake.ListDataLakesInput{}, slices.PredicateTrue[*awstypes.DataLakeResource]())
+
+	if tfawserr.ErrMessageContains(err, "AccessDeniedException", "must be a delegated Security Lake administrator account") {
+		t.Skip("this AWS account must be a delegate Security Lake administrator account")
+	}
+
+	if err != nil {
+		t.Fatalf("finding data lakes: %s", err)
+	}
+}
diff --git a/internal/service/securitylake/subscriber.go b/internal/service/securitylake/subscriber.go
index 39cd7b84ed8a..e1606df21b57 100644
--- a/internal/service/securitylake/subscriber.go
+++ b/internal/service/securitylake/subscriber.go
@@ -14,6 +14,7 @@ import (
 	"github.com/hashicorp/aws-sdk-go-base/v2/tfawserr"
 	"github.com/hashicorp/terraform-plugin-framework-timeouts/resource/timeouts"
 	"github.com/hashicorp/terraform-plugin-framework-validators/listvalidator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/setvalidator"
 	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-framework/path"
@@ -21,7 +22,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/listplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
-	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
@@ -33,6 +33,7 @@ import (
 	"github.com/hashicorp/terraform-provider-aws/internal/framework"
 	fwflex "github.com/hashicorp/terraform-provider-aws/internal/framework/flex"
 	fwtypes "github.com/hashicorp/terraform-provider-aws/internal/framework/types"
+	"github.com/hashicorp/terraform-provider-aws/internal/slices"
 	tftags "github.com/hashicorp/terraform-provider-aws/internal/tags"
 	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/names"
@@ -70,7 +71,9 @@ func (r *subscriberResource) Schema(ctx context.Context, request resource.Schema
 			"access_type": schema.StringAttribute{
 				Optional: true,
 				Computed: true,
-				Default:  stringdefault.StaticString("S3"),
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.UseStateForUnknown(),
+				},
 			},
 			"arn":                framework.ARNAttributeComputedOnly(),
 			"resource_share_arn": framework.ARNAttributeComputedOnly(),
@@ -99,10 +102,10 @@ func (r *subscriberResource) Schema(ctx context.Context, request resource.Schema
 			names.AttrTagsAll: tftags.TagsAttributeComputedOnly(),
 		},
 		Blocks: map[string]schema.Block{
-			"source": schema.ListNestedBlock{
-				Validators: []validator.List{
-					listvalidator.IsRequired(),
-					listvalidator.SizeAtMost(1),
+			"source": schema.SetNestedBlock{
+				Validators: []validator.Set{
+					setvalidator.IsRequired(),
+					setvalidator.SizeAtLeast(1),
 				},
 				NestedObject: schema.NestedBlockObject{
 					Blocks: map[string]schema.Block{
@@ -113,10 +116,11 @@ func (r *subscriberResource) Schema(ctx context.Context, request resource.Schema
 							NestedObject: schema.NestedBlockObject{
 								Attributes: map[string]schema.Attribute{
 									"source_name": schema.StringAttribute{
-										Optional: true,
+										Required: true,
 									},
 									"source_version": schema.StringAttribute{
 										Optional: true,
+										Computed: true,
 									},
 								},
 							},
@@ -155,10 +159,11 @@ func (r *subscriberResource) Schema(ctx context.Context, request resource.Schema
 										},
 									},
 									"source_name": schema.StringAttribute{
-										Optional: true,
+										Required: true,
 									},
 									"source_version": schema.StringAttribute{
 										Optional: true,
+										Computed: true,
 									},
 								},
 							},
@@ -218,7 +223,7 @@ func (r *subscriberResource) Create(ctx context.Context, request resource.Create
 	}
 
 	// Additional fields
-	if !data.AccessTypes.IsNull() {
+	if !data.AccessTypes.IsUnknown() && !data.AccessTypes.IsNull() {
 		input.AccessTypes = []awstypes.AccessType{awstypes.AccessType(data.AccessTypes.ValueString())}
 	}
 	input.Sources = sources
@@ -239,7 +244,7 @@ func (r *subscriberResource) Create(ctx context.Context, request resource.Create
 
 	subscriber, err := waitSubscriberCreated(ctx, conn, data.ID.ValueString(), r.CreateTimeout(ctx, data.Timeouts))
 	if err != nil {
-		response.Diagnostics.AddError(fmt.Sprintf("waiting for Security Lake Subscriber (%s) create", data.ID.ValueString()), err.Error())
+		response.Diagnostics.AddError(fmt.Sprintf("waiting for Security Lake Subscriber (%s) to be created", data.ID.ValueString()), err.Error())
 
 		return
 	}
@@ -276,12 +281,11 @@ func (r *subscriberResource) Read(ctx context.Context, request resource.ReadRequ
 		return
 	}
 
-	subscriber := output
-	data.ID = fwflex.StringToFramework(ctx, subscriber.SubscriberId)
-	data.SubscriberArn = fwflex.StringToFramework(ctx, subscriber.SubscriberArn)
+	data.ID = fwflex.StringToFramework(ctx, output.SubscriberId)
+	data.SubscriberArn = fwflex.StringToFramework(ctx, output.SubscriberArn)
 
 	var subscriberIdentity subscriberIdentityModel
-	response.Diagnostics.Append(fwflex.Flatten(ctx, subscriber.SubscriberIdentity, &subscriberIdentity)...)
+	response.Diagnostics.Append(fwflex.Flatten(ctx, output.SubscriberIdentity, &subscriberIdentity)...)
 	if response.Diagnostics.HasError() {
 		return
 	}
@@ -290,7 +294,7 @@ func (r *subscriberResource) Read(ctx context.Context, request resource.ReadRequ
 		setTagsOut(ctx, Tags(tags))
 	}
 
-	response.Diagnostics.Append(data.refreshFromOutput(ctx, subscriberIdentity, subscriber)...)
+	response.Diagnostics.Append(data.refreshFromOutput(ctx, subscriberIdentity, output)...)
 	response.Diagnostics.Append(response.State.Set(ctx, &data)...)
 }
 
@@ -345,16 +349,20 @@ func (r *subscriberResource) Update(ctx context.Context, request resource.Update
 			return
 		}
 
-		_, err = waitSubscriberUpdated(ctx, conn, new.ID.ValueString(), r.CreateTimeout(ctx, new.Timeouts))
+		subscriber, err := waitSubscriberUpdated(ctx, conn, new.ID.ValueString(), r.CreateTimeout(ctx, new.Timeouts))
 		if err != nil {
-			response.Diagnostics.AddError(fmt.Sprintf("waiting for Security Lake Subscriber (%s) create", new.ID.ValueString()), err.Error())
+			response.Diagnostics.AddError(fmt.Sprintf("waiting for Security Lake Subscriber (%s) to be updated", new.ID.ValueString()), err.Error())
 
 			return
 		}
 
-		new.ResourceShareArn = old.ResourceShareArn
-		new.ResourceShareName = old.ResourceShareName
-		new.SubscriberEndpoint = old.SubscriberEndpoint
+		var subscriberIdentity subscriberIdentityModel
+		response.Diagnostics.Append(fwflex.Flatten(ctx, subscriber.SubscriberIdentity, &subscriberIdentity)...)
+		if response.Diagnostics.HasError() {
+			return
+		}
+
+		response.Diagnostics.Append(new.refreshFromOutput(ctx, subscriberIdentity, subscriber)...)
 	}
 
 	response.Diagnostics.Append(response.State.Set(ctx, &new)...)
@@ -508,7 +516,7 @@ func expandSubscriptionValueSources(ctx context.Context, subscriberSourcesModels
 		if !item.AwsLogSourceResource.IsNull() && (len(item.AwsLogSourceResource.Elements()) > 0) {
 			var awsLogSources []awsLogSubscriberSourceModel
 			diags.Append(item.AwsLogSourceResource.ElementsAs(ctx, &awsLogSources, false)...)
-			subscriberLogSource := expandSubscriberLogSourceSource(ctx, awsLogSources)
+			subscriberLogSource := expandSubscriberAwsLogSourceSource(ctx, awsLogSources)
 			sources = append(sources, subscriberLogSource)
 		}
 		if (!item.CustomLogSourceResource.IsNull()) && (len(item.CustomLogSourceResource.Elements()) > 0) {
@@ -522,7 +530,7 @@ func expandSubscriptionValueSources(ctx context.Context, subscriberSourcesModels
 	return sources, diags
 }
 
-func expandSubscriberLogSourceSource(ctx context.Context, awsLogSources []awsLogSubscriberSourceModel) *awstypes.LogSourceResourceMemberAwsLogSource {
+func expandSubscriberAwsLogSourceSource(ctx context.Context, awsLogSources []awsLogSubscriberSourceModel) *awstypes.LogSourceResourceMemberAwsLogSource { // nosemgrep:ci.aws-in-func-name
 	if len(awsLogSources) == 0 {
 		return nil
 	}
@@ -551,38 +559,63 @@ func expandSubscriberCustomLogSourceSource(ctx context.Context, customLogSources
 	return customLogSourceResource
 }
 
-func flattenSubscriberSourcesModel(ctx context.Context, apiObject []awstypes.LogSourceResource) (types.List, diag.Diagnostics) {
+func flattenSubscriberSources(ctx context.Context, apiObject []awstypes.LogSourceResource) (types.Set, diag.Diagnostics) {
 	var diags diag.Diagnostics
 	elemType := types.ObjectType{AttrTypes: subscriberSourcesModelAttrTypes}
+	result := types.SetNull(elemType)
 
-	obj := map[string]attr.Value{}
+	var elems []types.Object
 
 	for _, item := range apiObject {
-		switch v := item.(type) {
-		case *awstypes.LogSourceResourceMemberAwsLogSource:
-			subscriberLogSource, d := flattenSubscriberLogSourceResourceModel(ctx, &v.Value, nil, "aws")
-			diags.Append(d...)
-			obj = map[string]attr.Value{
-				"aws_log_source_resource":    subscriberLogSource,
-				"custom_log_source_resource": types.ListNull(customLogSubscriberSourceModelAttrTypes),
-			}
-		case *awstypes.LogSourceResourceMemberCustomLogSource:
-			subscriberLogSource, d := flattenSubscriberLogSourceResourceModel(ctx, nil, &v.Value, "custom")
-			diags.Append(d...)
-			obj = map[string]attr.Value{
-				"aws_log_source_resource":    types.ListNull(logSubscriberSourcesModelAttrTypes),
-				"custom_log_source_resource": subscriberLogSource,
-			}
+		elem, d := flattenSubscriberSourcesModel(ctx, item)
+		diags.Append(d...)
+		if d.HasError() {
+			return result, diags
 		}
+		elems = append(elems, elem)
 	}
 
-	objVal, d := types.ObjectValue(subscriberSourcesModelAttrTypes, obj)
+	setVal, d := types.SetValue(elemType, slices.ApplyToAll(elems, func(o types.Object) attr.Value {
+		return o
+	}))
 	diags.Append(d...)
 
-	listVal, d := types.ListValue(elemType, []attr.Value{objVal})
+	return setVal, diags
+}
+
+func flattenSubscriberSourcesModel(ctx context.Context, apiObject awstypes.LogSourceResource) (types.Object, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	result := types.ObjectUnknown(subscriberSourcesModelAttrTypes)
+
+	obj := map[string]attr.Value{}
+
+	switch v := apiObject.(type) {
+	case *awstypes.LogSourceResourceMemberAwsLogSource:
+		subscriberLogSource, d := flattenSubscriberLogSourceResourceModel(ctx, &v.Value, nil, "aws")
+		diags.Append(d...)
+		if d.HasError() {
+			return result, diags
+		}
+		obj = map[string]attr.Value{
+			"aws_log_source_resource":    subscriberLogSource,
+			"custom_log_source_resource": types.ListNull(customLogSubscriberSourceModelAttrTypes),
+		}
+	case *awstypes.LogSourceResourceMemberCustomLogSource:
+		subscriberLogSource, d := flattenSubscriberLogSourceResourceModel(ctx, nil, &v.Value, "custom")
+		diags.Append(d...)
+		if d.HasError() {
+			return result, diags
+		}
+		obj = map[string]attr.Value{
+			"aws_log_source_resource":    types.ListNull(logSubscriberSourcesModelAttrTypes),
+			"custom_log_source_resource": subscriberLogSource,
+		}
+	}
+
+	result, d := types.ObjectValue(subscriberSourcesModelAttrTypes, obj)
 	diags.Append(d...)
 
-	return listVal, diags
+	return result, diags
 }
 
 func flattenSubscriberLogSourceResourceModel(ctx context.Context, awsLogApiObject *awstypes.AwsLogSourceResource, customLogApiObject *awstypes.CustomLogSourceResource, logSourceType string) (types.List, diag.Diagnostics) {
@@ -704,7 +737,7 @@ type subscriberResourceModel struct {
 	AccessTypes           types.String                                             `tfsdk:"access_type"`
 	SubscriberArn         types.String                                             `tfsdk:"arn"`
 	ID                    types.String                                             `tfsdk:"id"`
-	Sources               types.List                                               `tfsdk:"source"`
+	Sources               types.Set                                                `tfsdk:"source"`
 	SubscriberDescription types.String                                             `tfsdk:"subscriber_description"`
 	SubscriberIdentity    fwtypes.ListNestedObjectValueOf[subscriberIdentityModel] `tfsdk:"subscriber_identity"`
 	SubscriberName        types.String                                             `tfsdk:"subscriber_name"`
@@ -762,14 +795,14 @@ func (rd *subscriberResourceModel) refreshFromOutput(ctx context.Context, subscr
 
 	rd.AccessTypes = fwflex.StringValueToFramework(ctx, subscriber.AccessTypes[0])
 	rd.SubscriberIdentity = fwtypes.NewListNestedObjectValueOfPtrMust(ctx, &subscriberIdentity)
-	sourcesOutput, d := flattenSubscriberSourcesModel(ctx, subscriber.Sources)
-	diags.Append(d...)
 	rd.ResourceShareArn = fwflex.StringToFrameworkLegacy(ctx, subscriber.ResourceShareArn)
 	rd.ResourceShareName = fwflex.StringToFramework(ctx, subscriber.ResourceShareName)
 	rd.S3BucketArn = fwflex.StringToFramework(ctx, subscriber.S3BucketArn)
 	rd.SubscriberEndpoint = fwflex.StringToFramework(ctx, subscriber.SubscriberEndpoint)
 	rd.SubscriberStatus = fwflex.StringValueToFramework(ctx, subscriber.SubscriberStatus)
 	rd.RoleArn = fwflex.StringToFramework(ctx, subscriber.RoleArn)
+	sourcesOutput, d := flattenSubscriberSources(ctx, subscriber.Sources)
+	diags.Append(d...)
 	rd.Sources = sourcesOutput
 	rd.SubscriberName = fwflex.StringToFramework(ctx, subscriber.SubscriberName)
 	rd.SubscriberDescription = fwflex.StringToFramework(ctx, subscriber.SubscriberDescription)
diff --git a/internal/service/securitylake/subscriber_notification_test.go b/internal/service/securitylake/subscriber_notification_test.go
index db98128e875f..9af420a1e9f8 100644
--- a/internal/service/securitylake/subscriber_notification_test.go
+++ b/internal/service/securitylake/subscriber_notification_test.go
@@ -8,7 +8,6 @@ import (
 	"fmt"
 	"testing"
 
-	sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
 	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
@@ -22,13 +21,13 @@ func testAccSubscriberNotification_basic(t *testing.T) {
 	ctx := acctest.Context(t)
 
 	resourceName := "aws_securitylake_subscriber_notification.test"
-	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	rName := randomCustomLogSourceName()
 
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -57,13 +56,13 @@ func testAccSubscriberNotification_https(t *testing.T) {
 	ctx := acctest.Context(t)
 
 	resourceName := "aws_securitylake_subscriber_notification.test"
-	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	rName := randomCustomLogSourceName()
 
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -94,13 +93,13 @@ func testAccSubscriberNotification_disappears(t *testing.T) {
 	ctx := acctest.Context(t)
 
 	resourceName := "aws_securitylake_subscriber_notification.test"
-	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	rName := randomCustomLogSourceName()
 
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -111,8 +110,6 @@ func testAccSubscriberNotification_disappears(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckSubscriberNotificationExists(ctx, resourceName),
 					acctest.CheckFrameworkResourceDisappears(ctx, acctest.Provider, tfsecuritylake.ResourceSubscriberNotification, resourceName),
-					resource.TestCheckResourceAttr(resourceName, "configuration.#", "1"),
-					resource.TestCheckResourceAttr(resourceName, "configuration.0.sqs_notification_configuration.#", "1"),
 				),
 				ExpectNonEmptyPlan: true,
 			},
@@ -123,13 +120,13 @@ func testAccSubscriberNotification_disappears(t *testing.T) {
 func testAccSubscriberNotification_update(t *testing.T) {
 	ctx := acctest.Context(t)
 	resourceName := "aws_securitylake_subscriber_notification.test"
-	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	rName := randomCustomLogSourceName()
 
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -229,50 +226,73 @@ func testAccCheckSubscriberNotificationExists(ctx context.Context, n string) res
 
 func testAccSubscriberNotification_config(rName string) string {
 	return acctest.ConfigCompose(testAccDataLakeConfig_basic(), fmt.Sprintf(`
+resource "aws_securitylake_subscriber" "test" {
+  subscriber_name = %[1]q
+
+  source {
+    custom_log_source_resource {
+      source_name    = aws_securitylake_custom_log_source.test.source_name
+      source_version = aws_securitylake_custom_log_source.test.source_version
+    }
+  }
+  subscriber_identity {
+    external_id = "example"
+    principal   = data.aws_caller_identity.current.account_id
+  }
+}
 
+resource "aws_securitylake_custom_log_source" "test" {
+  source_name = %[1]q
 
-resource "aws_apigatewayv2_api" "test" {
-  name          = %[1]q
-  protocol_type = "HTTP"
+  configuration {
+    crawler_configuration {
+      role_arn = aws_iam_role.test.arn
+    }
+
+    provider_identity {
+      external_id = "%[1]s-test"
+      principal   = data.aws_caller_identity.current.account_id
+    }
+  }
+
+  depends_on = [aws_securitylake_data_lake.test, aws_iam_role.test]
 }
 
 resource "aws_iam_role" "test" {
-  name = "AmazonSecurityLakeCustomDataGlueCrawler-windows-sysmon"
+  name = %[1]q
   path = "/service-role/"
 
   assume_role_policy = <<POLICY
 {
-"Version": "2012-10-17",
-"Statement": [{
-	"Action": "sts:AssumeRole",
-	"Principal": {
-	"Service": "glue.amazonaws.com"
-	},
-	"Effect": "Allow"
-}]
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Action": "sts:AssumeRole",
+    "Principal": {
+      "Service": "glue.amazonaws.com"
+    },
+    "Effect": "Allow"
+  }]
 }
 POLICY
 }
 
 resource "aws_iam_role_policy" "test" {
-  name = "AmazonSecurityLakeCustomDataGlueCrawler-windows-sysmon"
+  name = %[1]q
   role = aws_iam_role.test.name
 
   policy = <<POLICY
 {
-	"Version": "2012-10-17",
-		"Statement": [{
-		"Effect": "Allow",
-		"Action": [
-		"s3:GetObject",
-		"s3:PutObject"
-		],
-		"Resource": "*"
-}]
+  "Version": "2012-10-17",
+  "Statement": [{
+    "Effect": "Allow",
+    "Action": [
+      "s3:GetObject",
+      "s3:PutObject"
+    ],
+    "Resource": "*"
+  }]
 }
 POLICY
-
-  depends_on = [aws_securitylake_data_lake.test]
 }
 
 resource "aws_iam_role_policy_attachment" "test" {
@@ -286,14 +306,16 @@ resource "aws_iam_role" "event_bridge" {
 
   assume_role_policy = <<POLICY
 {
-"Version": "2012-10-17",
-"Statement": [{
-	"Action": "sts:AssumeRole",
-	"Principal": {
-	"Service": "events.amazonaws.com"
-	},
-	"Effect": "Allow"
-}]
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "events.amazonaws.com"
+      },
+      "Effect": "Allow"
+    }
+  ]
 }
 POLICY
 }
@@ -304,73 +326,39 @@ resource "aws_iam_role_policy" "event_bridge" {
 
   policy = <<POLICY
 {
-	"Version": "2012-10-17",
-	"Statement": [{
-		"Effect": "Allow",
-		"Action": ["events:InvokeApiDestination"],
-		"Resource": "*"
-}]
-}
-  POLICY
-
-  depends_on = [aws_securitylake_data_lake.test]
-}
-
-resource "aws_securitylake_custom_log_source" "test" {
-  source_name    = "windows-sysmon"
-  source_version = "1.0"
-  event_classes  = ["FILE_ACTIVITY"]
-
-  configuration {
-    crawler_configuration {
-      role_arn = aws_iam_role.test.arn
-    }
-
-    provider_identity {
-      external_id = "windows-sysmon-test"
-      principal   = data.aws_caller_identity.current.account_id
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "events:InvokeApiDestination"
+      ],
+      "Resource": "*"
     }
-  }
-
-  depends_on = [aws_securitylake_data_lake.test, aws_iam_role.test]
+  ]
 }
+POLICY
 
-resource "aws_securitylake_subscriber" "test" {
-  subscriber_name        = %[1]q
-  subscriber_description = "Example"
-  source {
-    custom_log_source_resource {
-      source_name    = aws_securitylake_custom_log_source.test.source_name
-      source_version = aws_securitylake_custom_log_source.test.source_version
-    }
-  }
-  subscriber_identity {
-    external_id = "example"
-    principal   = data.aws_caller_identity.current.account_id
-  }
-
-  depends_on = [aws_securitylake_custom_log_source.test]
+  depends_on = [aws_securitylake_data_lake.test]
 }
-
-
 `, rName))
 }
 
 func testAccSubscriberNotificationConfig_basic(rName string) string {
-	return acctest.ConfigCompose(testAccSubscriberNotification_config(rName), (`
+	return acctest.ConfigCompose(
+		testAccSubscriberNotification_config(rName), `
 resource "aws_securitylake_subscriber_notification" "test" {
   subscriber_id = aws_securitylake_subscriber.test.id
   configuration {
     sqs_notification_configuration {}
   }
-
-  depends_on = [aws_securitylake_subscriber.test]
 }
-`))
+`)
 }
 
 func testAccSubscriberNotificationConfig_https(rName string) string {
-	return acctest.ConfigCompose(testAccSubscriberNotification_config(rName), (`
+	return acctest.ConfigCompose(
+		testAccSubscriberNotification_config(rName), fmt.Sprintf(`
 resource "aws_securitylake_subscriber_notification" "test" {
   subscriber_id = aws_securitylake_subscriber.test.id
   configuration {
@@ -379,14 +367,18 @@ resource "aws_securitylake_subscriber_notification" "test" {
       target_role_arn = aws_iam_role.event_bridge.arn
     }
   }
+}
 
-  depends_on = [aws_securitylake_subscriber.test]
+resource "aws_apigatewayv2_api" "test" {
+  name          = %[1]q
+  protocol_type = "HTTP"
 }
-`))
+`, rName))
 }
 
 func testAccSubscriberNotificationConfig_https_update(rName string) string {
-	return acctest.ConfigCompose(testAccSubscriberNotification_config(rName), (`
+	return acctest.ConfigCompose(
+		testAccSubscriberNotification_config(rName), fmt.Sprintf(`
 resource "aws_securitylake_subscriber_notification" "test" {
   subscriber_id = aws_securitylake_subscriber.test.id
   configuration {
@@ -396,8 +388,11 @@ resource "aws_securitylake_subscriber_notification" "test" {
       http_method     = "POST"
     }
   }
+}
 
-  depends_on = [aws_securitylake_subscriber.test]
+resource "aws_apigatewayv2_api" "test" {
+  name          = %[1]q
+  protocol_type = "HTTP"
 }
-`))
+`, rName))
 }
diff --git a/internal/service/securitylake/subscriber_test.go b/internal/service/securitylake/subscriber_test.go
index 78ca83d97a9d..d8a637260e1c 100644
--- a/internal/service/securitylake/subscriber_test.go
+++ b/internal/service/securitylake/subscriber_test.go
@@ -8,10 +8,16 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/YakDriver/regexache"
+	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/securitylake/types"
 	sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/knownvalue"
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
+	"github.com/hashicorp/terraform-plugin-testing/statecheck"
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
+	"github.com/hashicorp/terraform-plugin-testing/tfjsonpath"
 	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	tfsecuritylake "github.com/hashicorp/terraform-provider-aws/internal/service/securitylake"
@@ -29,7 +35,7 @@ func testAccSubscriber_basic(t *testing.T) {
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -41,19 +47,37 @@ func testAccSubscriber_basic(t *testing.T) {
 					testAccCheckSubscriberExists(ctx, resourceName, &subscriber),
 					resource.TestCheckResourceAttr(resourceName, "subscriber_name", rName),
 					resource.TestCheckResourceAttr(resourceName, "access_type", "S3"),
+					func(s *terraform.State) error {
+						id := aws.ToString(subscriber.SubscriberId)
+						return acctest.CheckResourceAttrRegionalARN(resourceName, "arn", "securitylake", fmt.Sprintf("subscriber/%s", id))(s)
+					},
+					resource.TestCheckResourceAttr(resourceName, "resource_share_arn", ""),
+					func(s *terraform.State) error {
+						id := aws.ToString(subscriber.SubscriberId)
+						return acctest.CheckResourceAttrGlobalARN(resourceName, "role_arn", "iam", fmt.Sprintf("role/AmazonSecurityLake-%s", id))(s)
+					},
+					acctest.MatchResourceAttrGlobalARNNoAccount(resourceName, "s3_bucket_arn", "s3", regexache.MustCompile(fmt.Sprintf(`aws-security-data-lake-%s-[a-z0-9]{30}$`, acctest.Region()))),
+					resource.TestCheckResourceAttrSet(resourceName, "id"),
+					func(s *terraform.State) error {
+						id := aws.ToString(subscriber.SubscriberId)
+						return resource.TestCheckResourceAttr(resourceName, "id", id)(s)
+					},
+					resource.TestCheckNoResourceAttr(resourceName, "subscriber_description"),
+					resource.TestCheckNoResourceAttr(resourceName, "resource_share_name"),
+					resource.TestCheckNoResourceAttr(resourceName, "subscriber_endpoint"),
 					resource.TestCheckResourceAttr(resourceName, "source.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.0.source_name", "ROUTE53"),
-					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.0.source_version", "1.0"),
+					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.0.source_version", "2.0"),
 					resource.TestCheckResourceAttr(resourceName, "subscriber_identity.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "subscriber_identity.0.external_id", "example"),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
 				),
 			},
 			{
-				ResourceName:            resourceName,
-				ImportState:             true,
-				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{},
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
 			},
 		},
 	})
@@ -69,7 +93,7 @@ func testAccSubscriber_disappears(t *testing.T) {
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -77,17 +101,9 @@ func testAccSubscriber_disappears(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: testAccSubscriberConfig_basic(rName),
-				Check: resource.ComposeTestCheckFunc(
+				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckSubscriberExists(ctx, resourceName, &subscriber),
 					acctest.CheckFrameworkResourceDisappears(ctx, acctest.Provider, tfsecuritylake.ResourceSubscriber, resourceName),
-					resource.TestCheckResourceAttr(resourceName, "subscriber_name", rName),
-					resource.TestCheckResourceAttr(resourceName, "access_type", "S3"),
-					resource.TestCheckResourceAttr(resourceName, "source.#", "1"),
-					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.#", "1"),
-					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.0.source_name", "ROUTE53"),
-					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.0.source_version", "1.0"),
-					resource.TestCheckResourceAttr(resourceName, "subscriber_identity.#", "1"),
-					resource.TestCheckResourceAttr(resourceName, "subscriber_identity.0.external_id", "example"),
 				),
 				ExpectNonEmptyPlan: true,
 			},
@@ -100,19 +116,20 @@ func testAccSubscriber_customLogSource(t *testing.T) {
 	resourceName := "aws_securitylake_subscriber.test"
 	var subscriber types.SubscriberResource
 	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	sourceName := randomCustomLogSourceName()
 
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
 		CheckDestroy:             testAccCheckSubscriberDestroy(ctx),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccSubscriberConfig_customLog(rName),
+				Config: testAccSubscriberConfig_customLog(rName, sourceName),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckSubscriberExists(ctx, resourceName, &subscriber),
 					resource.TestCheckResourceAttr(resourceName, "subscriber_name", rName),
@@ -120,15 +137,45 @@ func testAccSubscriber_customLogSource(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "source.0.custom_log_source_resource.#", "1"),
 					resource.TestCheckResourceAttrPair(resourceName, "source.0.custom_log_source_resource.0.source_name", "aws_securitylake_custom_log_source.test", "source_name"),
 					resource.TestCheckResourceAttrPair(resourceName, "source.0.custom_log_source_resource.0.source_version", "aws_securitylake_custom_log_source.test", "source_version"),
-					resource.TestCheckResourceAttr(resourceName, "subscriber_identity.#", "1"),
-					resource.TestCheckResourceAttr(resourceName, "subscriber_identity.0.external_id", "example"),
 				),
 			},
 			{
-				ResourceName:            resourceName,
-				ImportState:             true,
-				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{},
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccSubscriber_accessType(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_securitylake_subscriber.test"
+	var subscriber types.SubscriberResource
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckSubscriberDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSubscriberConfig_accessType(rName, "S3"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckSubscriberExists(ctx, resourceName, &subscriber),
+					resource.TestCheckResourceAttr(resourceName, "subscriber_name", rName),
+					resource.TestCheckResourceAttr(resourceName, "access_type", "S3"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
 			},
 		},
 	})
@@ -144,7 +191,7 @@ func testAccSubscriber_tags(t *testing.T) {
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -152,21 +199,20 @@ func testAccSubscriber_tags(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: testAccSubscriberConfig_tags1(rName, "key1", "value1"),
-				Check: resource.ComposeTestCheckFunc(
+				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckSubscriberExists(ctx, resourceName, &subscriber),
 					resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
 					resource.TestCheckResourceAttr(resourceName, "tags.key1", "value1"),
 				),
 			},
 			{
-				ResourceName:            resourceName,
-				ImportState:             true,
-				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{},
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
 			},
 			{
 				Config: testAccSubscriberConfig_tags2(rName, "key1", "value1updated", "key2", "value2"),
-				Check: resource.ComposeTestCheckFunc(
+				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckSubscriberExists(ctx, resourceName, &subscriber),
 					resource.TestCheckResourceAttr(resourceName, "tags.%", "2"),
 					resource.TestCheckResourceAttr(resourceName, "tags.key1", "value1updated"),
@@ -175,7 +221,7 @@ func testAccSubscriber_tags(t *testing.T) {
 			},
 			{
 				Config: testAccSubscriberConfig_tags1(rName, "key2", "value2"),
-				Check: resource.ComposeTestCheckFunc(
+				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckSubscriberExists(ctx, resourceName, &subscriber),
 					resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
 					resource.TestCheckResourceAttr(resourceName, "tags.key2", "value2"),
@@ -195,7 +241,7 @@ func testAccSubscriber_update(t *testing.T) {
 		PreCheck: func() {
 			acctest.PreCheck(ctx, t)
 			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
-			acctest.PreCheckOrganizationsAccount(ctx, t)
+			testAccPreCheck(ctx, t)
 		},
 		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
@@ -203,43 +249,221 @@ func testAccSubscriber_update(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: testAccSubscriberConfig_basic(rName),
-				Check: resource.ComposeTestCheckFunc(
+				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckSubscriberExists(ctx, resourceName, &subscriber),
 					resource.TestCheckResourceAttr(resourceName, "subscriber_name", rName),
 					resource.TestCheckResourceAttr(resourceName, "access_type", "S3"),
 					resource.TestCheckResourceAttr(resourceName, "source.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.0.source_name", "ROUTE53"),
-					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.0.source_version", "1.0"),
 					resource.TestCheckResourceAttr(resourceName, "subscriber_identity.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "subscriber_identity.0.external_id", "example"),
 				),
 			},
 			{
-				ResourceName:            resourceName,
-				ImportState:             true,
-				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{},
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
 			},
 			{
 				Config: testAccSubscriberConfig_update(rName),
-				Check: resource.ComposeTestCheckFunc(
+				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckSubscriberExists(ctx, resourceName, &subscriber),
 					resource.TestCheckResourceAttr(resourceName, "subscriber_name", rName),
 					resource.TestCheckResourceAttr(resourceName, "access_type", "S3"),
 					resource.TestCheckResourceAttr(resourceName, "source.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.0.source_name", "VPC_FLOW"),
-					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.0.source_version", "1.0"),
 					resource.TestCheckResourceAttr(resourceName, "subscriber_identity.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "subscriber_identity.0.external_id", "updated"),
 				),
 			},
 			{
-				ResourceName:            resourceName,
-				ImportState:             true,
-				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{},
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccSubscriber_multipleSources(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_securitylake_subscriber.test"
+	var subscriber types.SubscriberResource
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.SecurityLakeServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckSubscriberDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSubscriberConfig_sources2(rName, "VPC_FLOW", "ROUTE53"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckSubscriberExists(ctx, resourceName, &subscriber),
+					resource.TestCheckResourceAttr(resourceName, "subscriber_name", rName),
+				),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName,
+						tfjsonpath.New("source"),
+						knownvalue.SetExact([]knownvalue.Check{
+							knownvalue.ObjectExact(map[string]knownvalue.Check{
+								"aws_log_source_resource": knownvalue.ListExact([]knownvalue.Check{
+									knownvalue.ObjectPartial(map[string]knownvalue.Check{
+										"source_name": knownvalue.StringExact("VPC_FLOW"),
+									}),
+								}),
+								"custom_log_source_resource": knownvalue.ListSizeExact(0),
+							}),
+							knownvalue.ObjectExact(map[string]knownvalue.Check{
+								"aws_log_source_resource": knownvalue.ListExact([]knownvalue.Check{
+									knownvalue.ObjectPartial(map[string]knownvalue.Check{
+										"source_name": knownvalue.StringExact("ROUTE53"),
+									}),
+								}),
+								"custom_log_source_resource": knownvalue.ListSizeExact(0),
+							}),
+						}),
+					),
+				},
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccSubscriberConfig_sources2(rName, "ROUTE53", "VPC_FLOW"),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectEmptyPlan(),
+					},
+				},
+				ExpectNonEmptyPlan: false,
+			},
+			{
+				Config: testAccSubscriberConfig_sources1(rName, "ROUTE53"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckSubscriberExists(ctx, resourceName, &subscriber),
+					resource.TestCheckResourceAttr(resourceName, "subscriber_name", rName),
+				),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName,
+						tfjsonpath.New("source"),
+						knownvalue.SetExact([]knownvalue.Check{
+							knownvalue.ObjectExact(map[string]knownvalue.Check{
+								"aws_log_source_resource": knownvalue.ListExact([]knownvalue.Check{
+									knownvalue.ObjectPartial(map[string]knownvalue.Check{
+										"source_name": knownvalue.StringExact("ROUTE53"),
+									}),
+								}),
+								"custom_log_source_resource": knownvalue.ListSizeExact(0),
+							}),
+						}),
+					),
+				},
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccSubscriberConfig_sources2(rName, "VPC_FLOW", "S3_DATA"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckSubscriberExists(ctx, resourceName, &subscriber),
+					resource.TestCheckResourceAttr(resourceName, "subscriber_name", rName),
+				),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName,
+						tfjsonpath.New("source"),
+						knownvalue.SetExact([]knownvalue.Check{
+							knownvalue.ObjectExact(map[string]knownvalue.Check{
+								"aws_log_source_resource": knownvalue.ListExact([]knownvalue.Check{
+									knownvalue.ObjectPartial(map[string]knownvalue.Check{
+										"source_name": knownvalue.StringExact("VPC_FLOW"),
+									}),
+								}),
+								"custom_log_source_resource": knownvalue.ListSizeExact(0),
+							}),
+							knownvalue.ObjectExact(map[string]knownvalue.Check{
+								"aws_log_source_resource": knownvalue.ListExact([]knownvalue.Check{
+									knownvalue.ObjectPartial(map[string]knownvalue.Check{
+										"source_name": knownvalue.StringExact("S3_DATA"),
+									}),
+								}),
+								"custom_log_source_resource": knownvalue.ListSizeExact(0),
+							}),
+						}),
+					),
+				},
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccSubscriber_migrate_source(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_securitylake_subscriber.test"
+	var subscriber types.SubscriberResource
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.SecurityLake)
+			testAccPreCheck(ctx, t)
+		},
+		ErrorCheck:   acctest.ErrorCheck(t, names.SecurityLakeServiceID),
+		CheckDestroy: testAccCheckSubscriberDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				ExternalProviders: map[string]resource.ExternalProvider{
+					"aws": {
+						Source:            "hashicorp/aws",
+						VersionConstraint: "5.47.0",
+					},
+				},
+				Config: testAccSubscriberConfig_migrate_basic(rName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckSubscriberExists(ctx, resourceName, &subscriber),
+					resource.TestCheckResourceAttr(resourceName, "subscriber_name", rName),
+					resource.TestCheckResourceAttr(resourceName, "source.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "source.0.aws_log_source_resource.0.source_name", "ROUTE53"),
+				),
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName,
+						tfjsonpath.New("source"),
+						knownvalue.ListExact([]knownvalue.Check{
+							knownvalue.ObjectExact(map[string]knownvalue.Check{
+								"aws_log_source_resource": knownvalue.ListExact([]knownvalue.Check{
+									knownvalue.ObjectExact(map[string]knownvalue.Check{
+										"source_name":    knownvalue.StringExact("ROUTE53"),
+										"source_version": knownvalue.StringExact("2.0"),
+									}),
+								}),
+								"custom_log_source_resource": knownvalue.ListSizeExact(0),
+							}),
+						}),
+					),
+				},
+			},
+			{
+				ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+				Config:                   testAccSubscriberConfig_basic(rName),
+				PlanOnly:                 true,
 			},
 		},
 	})
@@ -293,103 +517,39 @@ func testAccCheckSubscriberExists(ctx context.Context, n string, v *types.Subscr
 }
 
 func testAccSubscriberConfig_basic(rName string) string {
-	return acctest.ConfigCompose(testAccDataLakeConfig_basic(), fmt.Sprintf(`
-data "aws_caller_identity" "test" {}
-
-resource "aws_securitylake_aws_log_source" "test" {
-  source {
-    accounts       = [data.aws_caller_identity.test.account_id]
-    regions        = [%[1]q]
-    source_name    = "ROUTE53"
-    source_version = "1.0"
-  }
-  depends_on = [aws_securitylake_data_lake.test]
-}
-
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
 resource "aws_securitylake_subscriber" "test" {
-  subscriber_name = %[2]q
-  access_type     = "S3"
+  subscriber_name = %[1]q
   source {
     aws_log_source_resource {
-      source_name    = "ROUTE53"
-      source_version = "1.0"
+      source_name = "ROUTE53"
     }
   }
   subscriber_identity {
     external_id = "example"
-    principal   = data.aws_caller_identity.test.account_id
+    principal   = data.aws_caller_identity.current.account_id
   }
 
   depends_on = [aws_securitylake_aws_log_source.test]
 }
-`, acctest.Region(), rName))
-}
-
-func testAccSubscriberConfig_customLog(rName string) string {
-	return acctest.ConfigCompose(testAccDataLakeConfig_basic(), fmt.Sprintf(`
-resource "aws_iam_role" "test" {
-  name = "AmazonSecurityLakeCustomDataGlueCrawler-windows-sysmon"
-  path = "/service-role/"
-
-  assume_role_policy = <<POLICY
-{
-"Version": "2012-10-17",
-"Statement": [{
-	"Action": "sts:AssumeRole",
-	"Principal": {
-	"Service": "glue.amazonaws.com"
-	},
-	"Effect": "Allow"
-}]
-}
-POLICY
-}
-
-resource "aws_iam_role_policy" "test" {
-  name = "AmazonSecurityLakeCustomDataGlueCrawler-windows-sysmon"
-  role = aws_iam_role.test.name
-
-  policy = <<POLICY
-{
-	"Version": "2012-10-17",
-		"Statement": [{
-		"Effect": "Allow",
-		"Action": [
-		"s3:GetObject",
-		"s3:PutObject"
-		],
-		"Resource": "*"
-}]
-}
-POLICY
 
+resource "aws_securitylake_aws_log_source" "test" {
+  source {
+    accounts    = [data.aws_caller_identity.current.account_id]
+    regions     = [data.aws_region.current.name]
+    source_name = "ROUTE53"
+  }
   depends_on = [aws_securitylake_data_lake.test]
 }
 
-resource "aws_iam_role_policy_attachment" "test" {
-  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSGlueServiceRole"
-  role       = aws_iam_role.test.name
-}
-
-resource "aws_securitylake_custom_log_source" "test" {
-  source_name    = "windows-sysmon"
-  source_version = "1.0"
-  event_classes  = ["FILE_ACTIVITY"]
-
-  configuration {
-    crawler_configuration {
-      role_arn = aws_iam_role.test.arn
-    }
-
-    provider_identity {
-      external_id = "windows-sysmon-test"
-      principal   = data.aws_caller_identity.current.account_id
-    }
-  }
-
-  depends_on = [aws_securitylake_data_lake.test, aws_iam_role.test]
+data "aws_region" "current" {}
+`, rName))
 }
 
+func testAccSubscriberConfig_customLog(rName, sourceName string) string {
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
 resource "aws_securitylake_subscriber" "test" {
   subscriber_name        = %[1]q
   subscriber_description = "Example"
@@ -406,13 +566,27 @@ resource "aws_securitylake_subscriber" "test" {
 
   depends_on = [aws_securitylake_custom_log_source.test]
 }
-`, rName))
+
+resource "aws_securitylake_custom_log_source" "test" {
+  source_name    = %[2]q
+  source_version = "1.5"
+
+  configuration {
+    crawler_configuration {
+      role_arn = aws_iam_role.test.arn
+    }
+
+    provider_identity {
+      external_id = "%[2]s-test"
+      principal   = data.aws_caller_identity.current.account_id
+    }
+  }
+
+  depends_on = [aws_securitylake_data_lake.test, aws_iam_role.test]
 }
 
-func testAccSubscriberConfig_tags1(rName, tag1Key, tag1Value string) string {
-	return acctest.ConfigCompose(testAccDataLakeConfig_basic(), fmt.Sprintf(`
 resource "aws_iam_role" "test" {
-  name = "AmazonSecurityLakeCustomDataGlueCrawler-windows-sysmon"
+  name = %[2]q
   path = "/service-role/"
 
   assume_role_policy = <<POLICY
@@ -430,7 +604,7 @@ POLICY
 }
 
 resource "aws_iam_role_policy" "test" {
-  name = "AmazonSecurityLakeCustomDataGlueCrawler-windows-sysmon"
+  name = %[2]q
   role = aws_iam_role.test.name
 
   policy = <<POLICY
@@ -446,41 +620,56 @@ resource "aws_iam_role_policy" "test" {
 }]
 }
 POLICY
-
-  depends_on = [aws_securitylake_data_lake.test]
 }
 
 resource "aws_iam_role_policy_attachment" "test" {
   policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSGlueServiceRole"
   role       = aws_iam_role.test.name
 }
+`, rName, sourceName))
+}
 
-resource "aws_securitylake_custom_log_source" "test" {
-  source_name    = "windows-sysmon"
-  source_version = "1.0"
-  event_classes  = ["FILE_ACTIVITY"]
-
-  configuration {
-    crawler_configuration {
-      role_arn = aws_iam_role.test.arn
+func testAccSubscriberConfig_accessType(rName, accessType string) string {
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
+resource "aws_securitylake_subscriber" "test" {
+  subscriber_name = %[1]q
+  access_type     = %[2]q
+  source {
+    aws_log_source_resource {
+      source_name = "ROUTE53"
     }
+  }
+  subscriber_identity {
+    external_id = "example"
+    principal   = data.aws_caller_identity.current.account_id
+  }
 
-    provider_identity {
-      external_id = "windows-sysmon-test"
-      principal   = data.aws_caller_identity.current.account_id
-    }
+  depends_on = [aws_securitylake_aws_log_source.test]
+}
+
+resource "aws_securitylake_aws_log_source" "test" {
+  source {
+    accounts    = [data.aws_caller_identity.current.account_id]
+    regions     = [data.aws_region.current.name]
+    source_name = "ROUTE53"
   }
+  depends_on = [aws_securitylake_data_lake.test]
+}
 
-  depends_on = [aws_securitylake_data_lake.test, aws_iam_role.test]
+data "aws_region" "current" {}
+`, rName, accessType))
 }
 
+func testAccSubscriberConfig_tags1(rName, tag1Key, tag1Value string) string {
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
 resource "aws_securitylake_subscriber" "test" {
-  subscriber_name        = %[1]q
-  subscriber_description = "Example"
+  subscriber_name = %[1]q
   source {
-    custom_log_source_resource {
-      source_name    = aws_securitylake_custom_log_source.test.source_name
-      source_version = aws_securitylake_custom_log_source.test.source_version
+    aws_log_source_resource {
+      source_name    = "ROUTE53"
+      source_version = "1.0"
     }
   }
   subscriber_identity {
@@ -492,83 +681,101 @@ resource "aws_securitylake_subscriber" "test" {
     %[2]q = %[3]q
   }
 
-  depends_on = [aws_securitylake_custom_log_source.test]
+  depends_on = [aws_securitylake_aws_log_source.test]
 }
+
+resource "aws_securitylake_aws_log_source" "test" {
+  source {
+    accounts       = [data.aws_caller_identity.current.account_id]
+    regions        = [data.aws_region.current.name]
+    source_name    = "ROUTE53"
+    source_version = "1.0"
+  }
+  depends_on = [aws_securitylake_data_lake.test]
+}
+
+data "aws_region" "current" {}
 `, rName, tag1Key, tag1Value))
 }
 
 func testAccSubscriberConfig_tags2(rName, tag1Key, tag1Value, tag2Key, tag2Value string) string {
-	return acctest.ConfigCompose(testAccDataLakeConfig_basic(), fmt.Sprintf(`
-resource "aws_iam_role" "test" {
-  name = "AmazonSecurityLakeCustomDataGlueCrawler-windows-sysmon"
-  path = "/service-role/"
-
-  assume_role_policy = <<POLICY
-{
-"Version": "2012-10-17",
-"Statement": [{
-	"Action": "sts:AssumeRole",
-	"Principal": {
-	"Service": "glue.amazonaws.com"
-	},
-	"Effect": "Allow"
-}]
-}
-POLICY
-}
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
+resource "aws_securitylake_subscriber" "test" {
+  subscriber_name = %[1]q
+  source {
+    aws_log_source_resource {
+      source_name    = "ROUTE53"
+      source_version = "1.0"
+    }
+  }
+  subscriber_identity {
+    external_id = "example"
+    principal   = data.aws_caller_identity.current.account_id
+  }
 
-resource "aws_iam_role_policy" "test" {
-  name = "AmazonSecurityLakeCustomDataGlueCrawler-windows-sysmon"
-  role = aws_iam_role.test.name
+  tags = {
+    %[2]q = %[3]q
+    %[4]q = %[5]q
+  }
 
-  policy = <<POLICY
-{
-	"Version": "2012-10-17",
-		"Statement": [{
-		"Effect": "Allow",
-		"Action": [
-		"s3:GetObject",
-		"s3:PutObject"
-		],
-		"Resource": "*"
-}]
+  depends_on = [aws_securitylake_aws_log_source.test]
 }
-POLICY
 
+resource "aws_securitylake_aws_log_source" "test" {
+  source {
+    accounts       = [data.aws_caller_identity.current.account_id]
+    regions        = [data.aws_region.current.name]
+    source_name    = "ROUTE53"
+    source_version = "1.0"
+  }
   depends_on = [aws_securitylake_data_lake.test]
 }
 
-resource "aws_iam_role_policy_attachment" "test" {
-  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSGlueServiceRole"
-  role       = aws_iam_role.test.name
+data "aws_region" "current" {}
+`, rName, tag1Key, tag1Value, tag2Key, tag2Value))
 }
 
-resource "aws_securitylake_custom_log_source" "test" {
-  source_name    = "windows-sysmon"
-  source_version = "1.0"
-  event_classes  = ["FILE_ACTIVITY"]
-
-  configuration {
-    crawler_configuration {
-      role_arn = aws_iam_role.test.arn
+func testAccSubscriberConfig_update(rName string) string {
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
+resource "aws_securitylake_subscriber" "test" {
+  subscriber_name = %[1]q
+  access_type     = "S3"
+  source {
+    aws_log_source_resource {
+      source_name    = "VPC_FLOW"
+      source_version = "1.0"
     }
+  }
+  subscriber_identity {
+    external_id = "updated"
+    principal   = data.aws_caller_identity.current.account_id
+  }
+}
 
-    provider_identity {
-      external_id = "windows-sysmon-test"
-      principal   = data.aws_caller_identity.current.account_id
-    }
+resource "aws_securitylake_aws_log_source" "test" {
+  source {
+    accounts       = [data.aws_caller_identity.current.account_id]
+    regions        = [data.aws_region.current.name]
+    source_name    = "ROUTE53"
+    source_version = "1.0"
   }
+  depends_on = [aws_securitylake_data_lake.test]
+}
 
-  depends_on = [aws_securitylake_data_lake.test, aws_iam_role.test]
+data "aws_region" "current" {}
+`, rName))
 }
 
+func testAccSubscriberConfig_sources1(rName, source1 string) string {
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
 resource "aws_securitylake_subscriber" "test" {
-  subscriber_name        = %[1]q
-  subscriber_description = "Example"
+  subscriber_name = %[1]q
   source {
-    custom_log_source_resource {
-      source_name    = aws_securitylake_custom_log_source.test.source_name
-      source_version = aws_securitylake_custom_log_source.test.source_version
+    aws_log_source_resource {
+      source_name = %[2]q
     }
   }
   subscriber_identity {
@@ -576,43 +783,97 @@ resource "aws_securitylake_subscriber" "test" {
     principal   = data.aws_caller_identity.current.account_id
   }
 
-  tags = {
-    %[2]q = %[3]q
-    %[4]q = %[5]q
-  }
+  depends_on = [aws_securitylake_aws_log_source.test]
+}
 
-  depends_on = [aws_securitylake_custom_log_source.test]
+resource "aws_securitylake_aws_log_source" "test" {
+  source {
+    accounts    = [data.aws_caller_identity.current.account_id]
+    regions     = [data.aws_region.current.name]
+    source_name = %[2]q
+  }
+  depends_on = [
+    aws_securitylake_data_lake.test,
+  ]
 }
-`, rName, tag1Key, tag1Value, tag2Key, tag2Value))
+
+data "aws_region" "current" {}
+`, rName, source1))
 }
 
-func testAccSubscriberConfig_update(rName string) string {
-	return acctest.ConfigCompose(testAccDataLakeConfig_basic(), fmt.Sprintf(`
-data "aws_caller_identity" "test" {}
+func testAccSubscriberConfig_sources2(rName, source1, source2 string) string {
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
+resource "aws_securitylake_subscriber" "test" {
+  subscriber_name = %[1]q
+  source {
+    aws_log_source_resource {
+      source_name = %[2]q
+    }
+  }
+  source {
+    aws_log_source_resource {
+      source_name = %[3]q
+    }
+  }
+  subscriber_identity {
+    external_id = "example"
+    principal   = data.aws_caller_identity.current.account_id
+  }
+
+  depends_on = [
+    aws_securitylake_aws_log_source.test,
+  ]
+}
 
 resource "aws_securitylake_aws_log_source" "test" {
+  count = length(local.source_names)
+
   source {
-    accounts       = [data.aws_caller_identity.test.account_id]
-    regions        = [%[1]q]
-    source_name    = "ROUTE53"
-    source_version = "1.0"
+    accounts    = [data.aws_caller_identity.current.account_id]
+    regions     = [data.aws_region.current.name]
+    source_name = local.source_names[count.index]
   }
   depends_on = [aws_securitylake_data_lake.test]
 }
 
+locals {
+  source_names = sort([%[2]q, %[3]q])
+}
+
+data "aws_region" "current" {}
+`, rName, source1, source2))
+}
+
+func testAccSubscriberConfig_migrate_basic(rName string) string {
+	return acctest.ConfigCompose(
+		testAccDataLakeConfig_basic(), fmt.Sprintf(`
 resource "aws_securitylake_subscriber" "test" {
-  subscriber_name = %[2]q
-  access_type     = "S3"
+  subscriber_name = %[1]q
   source {
     aws_log_source_resource {
-      source_name    = "VPC_FLOW"
-      source_version = "1.0"
+      source_name    = "ROUTE53"
+      source_version = "2.0"
     }
   }
   subscriber_identity {
-    external_id = "updated"
-    principal   = data.aws_caller_identity.test.account_id
+    external_id = "example"
+    principal   = data.aws_caller_identity.current.account_id
+  }
+
+  depends_on = [aws_securitylake_aws_log_source.test]
+}
+
+resource "aws_securitylake_aws_log_source" "test" {
+  source {
+    accounts       = [data.aws_caller_identity.current.account_id]
+    regions        = [data.aws_region.current.name]
+    source_name    = "ROUTE53"
+    source_version = "2.0"
   }
+  depends_on = [aws_securitylake_data_lake.test]
 }
-`, acctest.Region(), rName))
+
+data "aws_region" "current" {}
+`, rName))
 }
diff --git a/internal/service/ssm/parameter_test.go b/internal/service/ssm/parameter_test.go
index ab9b730da153..c75cd52b459e 100644
--- a/internal/service/ssm/parameter_test.go
+++ b/internal/service/ssm/parameter_test.go
@@ -954,8 +954,7 @@ func TestAccSSMParameter_DataType_ec2Image(t *testing.T) {
 }
 
 func TestAccSSMParameter_DataType_ssmIntegration(t *testing.T) {
-	ctx := //nosemgrep:ci.ssm-in-func-name
-		acctest.Context(t)
+	ctx := acctest.Context(t)
 	var param ssm.Parameter
 	webhookName := sdkacctest.RandString(16)
 	rName := fmt.Sprintf("/d9d01087-4a3f-49e0-b0b4-d568d7826553/ssm/integrations/webhook/%s", webhookName)
diff --git a/website/docs/r/securitylake_aws_log_source.html.markdown b/website/docs/r/securitylake_aws_log_source.html.markdown
index 50a856b419d1..0a16f67ce8ea 100644
--- a/website/docs/r/securitylake_aws_log_source.html.markdown
+++ b/website/docs/r/securitylake_aws_log_source.html.markdown
@@ -10,18 +10,23 @@ description: |-
 
 Terraform resource for managing an Amazon Security Lake AWS Log Source.
 
+~> **NOTE:** A single `aws_securitylake_aws_log_source` should be used to configure a log source across all regions and accounts.
+
+~> **NOTE:** The underlying `aws_securitylake_data_lake` must be configured before creating the `aws_securitylake_aws_log_source`. Use a `depends_on` statement.
+
 ## Example Usage
 
 ### Basic Usage
 
 ```terraform
-resource "aws_securitylake_aws_log_source" "test" {
+resource "aws_securitylake_aws_log_source" "example" {
   source {
-    accounts       = ["123456789012"]
-    regions        = ["eu-west-1"]
-    source_name    = "ROUTE53"
-    source_version = "1.0"
+    accounts    = ["123456789012"]
+    regions     = ["eu-west-1"]
+    source_name = "ROUTE53"
   }
+
+  depends_on = [aws_securitylake_data_lake.example]
 }
 ```
 
@@ -34,9 +39,12 @@ The following arguments are required:
 `source` supports the following:
 
 * `accounts` - (Optional) Specify the AWS account information where you want to enable Security Lake.
+  If not specified, uses all accounts included in the Security Lake.
 * `regions` - (Required) Specify the Regions where you want to enable Security Lake.
 * `source_name` - (Required) The name for a AWS source. This must be a Regionally unique value. Valid values: `ROUTE53`, `VPC_FLOW`, `SH_FINDINGS`, `CLOUD_TRAIL_MGMT`, `LAMBDA_EXECUTION`, `S3_DATA`.
-* `source_version` - (Optional) The version for a AWS source. This must be a Regionally unique value.
+* `source_version` - (Optional) The version for a AWS source.
+  If not specified, the version will be the default.
+  This must be a Regionally unique value.
 
 ## Attribute Reference
 
diff --git a/website/docs/r/securitylake_custom_log_source.html.markdown b/website/docs/r/securitylake_custom_log_source.html.markdown
index edf3caf0d809..a62d9a3fdeae 100644
--- a/website/docs/r/securitylake_custom_log_source.html.markdown
+++ b/website/docs/r/securitylake_custom_log_source.html.markdown
@@ -10,6 +10,8 @@ description: |-
 
 Terraform resource for managing an AWS Security Lake Custom Log Source.
 
+~> **NOTE:** The underlying `aws_securitylake_data_lake` must be configured before creating the `aws_securitylake_custom_log_source`. Use a `depends_on` statement.
+
 ## Example Usage
 
 ### Basic Usage
@@ -30,6 +32,8 @@ resource "aws_securitylake_custom_log_source" "example" {
       principal   = "123456789012"
     }
   }
+
+  depends_on = [aws_securitylake_data_lake.example]
 }
 ```
 
@@ -43,8 +47,10 @@ This resource supports the following arguments:
     * `provider_identity` - (Required) The identity of the log provider for the third-party custom source.
         * `external_id` - (Required) The external ID used to estalish trust relationship with the AWS identity.
         * `principal` - (Required) The AWS identity principal.
-* `event_classes` - (Required) The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of data that the custom source will send to Security Lake.
-* `source_name` - (Required) Specify the name for a third-party custom source. This must be a Regionally unique value.
+* `event_classes` - (Optional) The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of data that the custom source will send to Security Lake.
+* `source_name` - (Required) Specify the name for a third-party custom source.
+  This must be a Regionally unique value.
+  Has a maximum length of 20.
 * `source_version` - (Optional) Specify the source version for the third-party custom source, to limit log collection to a specific version of custom data source.
 
 ## Attribute Reference
diff --git a/website/docs/r/securitylake_data_lake.html.markdown b/website/docs/r/securitylake_data_lake.html.markdown
index e983b587be76..f8234332a3c7 100644
--- a/website/docs/r/securitylake_data_lake.html.markdown
+++ b/website/docs/r/securitylake_data_lake.html.markdown
@@ -10,6 +10,8 @@ description: |-
 
 Terraform resource for managing an AWS Security Lake Data Lake.
 
+~> **NOTE:** The underlying `aws_securitylake_data_lake` must be configured before creating other Security Lake resources. Use a `depends_on` statement.
+
 ## Example Usage
 
 ```terraform
diff --git a/website/docs/r/securitylake_subscriber.html.markdown b/website/docs/r/securitylake_subscriber.html.markdown
index 98268632b977..96ecf03060c7 100644
--- a/website/docs/r/securitylake_subscriber.html.markdown
+++ b/website/docs/r/securitylake_subscriber.html.markdown
@@ -10,12 +10,13 @@ description: |-
 
 Terraform resource for managing an AWS Security Lake Subscriber.
 
+~> **NOTE:** The underlying `aws_securitylake_data_lake` must be configured before creating the `aws_securitylake_subscriber`. Use a `depends_on` statement.
+
 ## Example Usage
 
 ```terraform
 resource "aws_securitylake_subscriber" "example" {
   subscriber_name = "example-name"
-  source_version  = "1.0"
   access_type     = "S3"
 
   source {
@@ -28,6 +29,8 @@ resource "aws_securitylake_subscriber" "example" {
     external_id = "example"
     principal   = "1234567890"
   }
+
+  depends_on = [aws_securitylake_data_lake.example]
 }
 ```
 
@@ -51,14 +54,14 @@ Sources support the following:
 * `aws_log_source_resource` - (Optional) Amazon Security Lake supports log and event collection for natively supported AWS services.
 * `custom_log_source_resource` - (Optional) Amazon Security Lake supports custom source types.
 
-Aws Log Source Resource support the following:
+AWS Log Source Resource support the following:
 
-* `source_name` - (Optional) Provides data expiration details of Amazon Security Lake object.
+* `source_name` - (Required) Provides data expiration details of Amazon Security Lake object.
 * `source_version` - (Optional) Provides data storage transition details of Amazon Security Lake object.
 
 Custom Log Source Resource support the following:
 
-* `source_name` - (Optional) The name for a third-party custom source. This must be a Regionally unique value.
+* `source_name` - (Required) The name for a third-party custom source. This must be a Regionally unique value.
 * `source_version` - (Optional) The version for a third-party custom source. This must be a Regionally unique value.
 
 ## Attribute Reference