CloudTrail Lake is a full-featured, self-contained managed feature, independent of the traditional AWS CloudTrail service, that collects CloudTrail activity logs, processes and stores them in immutable, secure, long-term storage, and allows SQL queries to be run on them. The journey started back in 2013 when AWS launched CloudTrail. Right now, AWS provides CloudTrail free of cost for 90 days, during which you can see all your API activity for audit and security purposes. But if you want to store CloudTrail activity logs for more than 90 days, you must move them to an S3 bucket, and from there you can do log analysis.
AWS CloudTrail Lake allows you to:
aggregate activity logs
immutably store activity logs
query logs using SQL
Earlier, CloudTrail users had to use third-party applications to analyze the CloudTrail activity logs stored in the S3 bucket. In many cases, they needed to build data analysis solutions to analyze CloudTrail logs efficiently. Now CloudTrail Lake provides a consolidated solution for log analysis and log management.
2. Difference between CloudTrail Lake and CloudTrail
Let’s set up CloudTrail Lake with a few simple steps
Go to the AWS console and search for the CloudTrail service
In the CloudTrail dashboard, click the “Lake” option in the sidebar
Then click the “Create event data store” button, as shown in the figure below
Configure event data store
Type in a name for the event data store. You can choose whether to include only the current region in the event data store, and whether to enable the event data store for all accounts in the AWS Organization. In this case, there is only a single account and no AWS Organization has been formed, so the second checkbox is disabled. Then, click “Next.”
In this step, we can choose the event types we want to include in our event data store. Keep the default option as it is, then click on “Next.”
Review and create
We can review all the selected options for the event data store in the final step and modify them if needed. Once the review is done, click “Create event data store.” With the event data store created in a few clicks, we can use the editor to run SQL queries on the data and view the query results.
4. Use Cases
Investigating a security incident is easy and efficient with CloudTrail Lake, as it provides activity logs across all the accounts in the AWS Organization, which makes it easier to identify unauthorized access to services.
To ensure the correct users are modifying your resources, such as security groups, you can perform ad hoc audits and track any changes that do not conform to your organization’s best practices.
Get a deeper insight into your AWS charges, including which IAM users are subscribing to services, by tracking actions taken on your resources and assessing modifications or deletions.
With CloudTrail Lake, incident logging is simplified by removing operational dependencies, and you’ll also have access to tools you can use to reduce your reliance on complex data pipelines that span multiple teams.
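The security group audit and unauthorized-access use cases above, written as queries for the Lake editor. This is an added example, not part of the original post: `<EVENT_DATA_STORE_ID>` is a placeholder for the ID of your own event data store, and the dates are constructed sample values.

```sql
-- Added example. Replace <EVENT_DATA_STORE_ID> with the ID of the event
-- data store created above. Dates are constructed sample values.
-- Run each query separately in the Lake query editor.

-- Query 1: who changed security groups, from where, and did the call succeed?
SELECT
    eventTime,
    userIdentity.arn                         AS principal,
    eventName,
    -- NULL for calls whose request carries no groupId (e.g. CreateSecurityGroup)
    element_at(requestParameters, 'groupId') AS security_group,
    sourceIPAddress,
    awsRegion,
    errorCode                                -- empty when the call succeeded
FROM <EVENT_DATA_STORE_ID>
WHERE eventSource = 'ec2.amazonaws.com'
  AND eventName IN (
        'AuthorizeSecurityGroupIngress',
        'AuthorizeSecurityGroupEgress',
        'RevokeSecurityGroupIngress',
        'RevokeSecurityGroupEgress',
        'ModifySecurityGroupRules',
        'CreateSecurityGroup',
        'DeleteSecurityGroup')
  -- Bounding eventTime keeps the amount of data scanned (and billed) small.
  AND eventTime >= '2022-01-01 00:00:00'
  AND eventTime <  '2022-02-01 00:00:00'
ORDER BY eventTime DESC

-- Query 2: which principals accumulate the most denied API calls?
-- A spike for one principal is a starting point for an access investigation.
SELECT
    userIdentity.arn AS principal,
    eventSource,
    eventName,
    COUNT(*)         AS denied_calls
FROM <EVENT_DATA_STORE_ID>
WHERE errorCode IN ('AccessDenied', 'Client.UnauthorizedOperation')
  AND eventTime >= '2022-01-01 00:00:00'
  AND eventTime <  '2022-02-01 00:00:00'
GROUP BY userIdentity.arn, eventSource, eventName
ORDER BY denied_calls DESC
LIMIT 20
```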
CloudTrail Lake is free to try for 30 days for new customers. After that, ingestion and data scanning are limited to 5GB each. Data storage is included at no charge.
From our discussion on CloudTrail Lake, we can conclude that it simplifies the CloudTrail implementation, since it integrates collection, storage, processing, and optimization for analysis and query in one product. As a result, CloudTrail data can be queried and analyzed without implementing your own data pipeline.
WRITTEN BY Aishwarya Joshi
Aishwarya works as a Research Associate (AWS Media services) with CloudThat. She is an enthusiastic individual and a good team player. A positive attitude is her way of dealing with everything. She enjoys learning new technologies and exploring various ways of problem-solving. As of late, she has become proficient in cloud services and enjoys writing technical blogs.