{"id":10602,"date":"2022-03-20T14:26:45","date_gmt":"2022-03-20T14:26:45","guid":{"rendered":"https:\/\/blog.cloudthat.com\/?p=10602"},"modified":"2024-06-25T11:03:52","modified_gmt":"2024-06-25T11:03:52","slug":"simplify-cloud-data-auditing-with-aws-cloudtrail-lake","status":"publish","type":"blog","link":"https:\/\/www.cloudthat.com\/resources\/blog\/simplify-cloud-data-auditing-with-aws-cloudtrail-lake","title":{"rendered":"Simplify Cloud Data Auditing With AWS CLOUDTRAIL LAKE"},"content":{"rendered":"<table style=\"height: 223px;\" border=\"3\" width=\"426\">\n<tbody>\n<tr>\n<td>\n<h2><span style=\"color: #000080;\"><strong>TABLE OF CONTENTS<\/strong><\/span><\/h2>\n<\/td>\n<\/tr>\n<tr>\n<td><strong><a href=\"#introduction\">1. Introduction<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><a href=\"#difference\">2. Difference between CloudTrail Lake and CloudTrail<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><a href=\"#setup\">3. Setup<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><a href=\"#usecases\">4. Use Cases<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><a href=\"#pricing\">5. Pricing<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><a href=\"#conclusion\">6. Conclusion<\/a><\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong><a href=\"#aboutcloudthat\">7. About CloudThat<\/a><\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 id=\"introduction\">1. Introduction<\/h2>\n<p>CloudTrail Lake is a full-featured, self-contained, managed feature, independent of the traditional AWS CloudTrail service, that collects CloudTrail activity logs, processes them in immutable, secure, long-term storage, and allows SQL queries to be executed on them. The journey started back in 2013 when AWS launched CloudTrail. Right now, AWS provides CloudTrail free of cost for 90 days, during which you can see all your API activity for audit and security purposes. 
But to keep CloudTrail activity logs for more than 90 days, you must move them to an S3 bucket, and from there you can do log analysis.<\/p>\n<p>AWS CloudTrail Lake allows you to<\/p>\n<ul>\n<li>aggregate activity logs<\/li>\n<li>immutably store activity logs<\/li>\n<li>query logs using SQL<\/li>\n<\/ul>\n<p>Previously, CloudTrail users had to use third-party applications to analyze CloudTrail activity logs stored in an S3 bucket. In many cases, there was a need to build data analysis solutions for efficient analysis of CloudTrail logs. But now, with the help of CloudTrail Lake, a consolidated solution for log analysis and log management is achieved.<\/p>\n<h3 id=\"difference\"><span lang=\"EN-US\">2. Difference between CloudTrail Lake and CloudTrail<\/span><\/h3>\n<p><a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/CT1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10604\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/CT1.png\" alt=\"CloudTrail and CloudTrail Lake Comparison Table\" width=\"837\" height=\"232\" \/><\/a><\/p>\n<h3 id=\"setup\">3. Setup<\/h3>\n<p>Let&#8217;s set up CloudTrail Lake in a few simple steps:<\/p>\n<ol>\n<li>Go to the AWS console and search for the CloudTrail service<\/li>\n<li>In the CloudTrail dashboard, click the &#8220;Lake&#8221; option from the sidebar<\/li>\n<li>Then click the &#8220;Create event data store&#8221; button as shown in the figure below<br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/CT2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10605\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/CT2.png\" alt=\"CloudTrail Lake\" width=\"628\" height=\"301\" \/><\/a><\/li>\n<li>Configure event data store<br \/>\nType in the name for the event data store. 
You can choose whether to include only the current region in the event data store, and whether to enable the event data store for all the accounts in the AWS Organization. In this case, there is only a single account and no AWS Organization has been formed, hence the second checkbox is disabled. Then, click &#8220;Next.&#8221;<br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/CT3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10606\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/CT3.png\" alt=\"CloudTrail Lake\" width=\"628\" height=\"368\" \/><\/a><br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/CT4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-10607\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/CT4.png\" alt=\"CloudTrail Lake\" width=\"625\" height=\"230\" \/><\/a><\/li>\n<li>Choose events<br \/>\nIn this step, we can choose the event types we want to include in our event data store. Keep the default option as it is, then click on &#8220;Next.&#8221;<br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/CT5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10608\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/CT5.png\" alt=\"CloudTrail Lake\" width=\"628\" height=\"411\" \/><\/a><\/li>\n<li>Review and create<br \/>\nWe can review all the selected options for the event data store in the final step. Also, we can modify them if needed. Once the setup review is done, click &#8220;Create event data store.&#8221; Now that the event data store has been created with a few clicks, we can use the editor to run SQL queries on the data and view the query results.<\/li>\n<\/ol>\n<h3 id=\"usecases\">4. 
Use Cases<\/h3>\n<ol>\n<li>Investigating a security incident is easy and efficient with CloudTrail Lake: it provides activity logs across all the accounts in the AWS Organization, which makes it easy to identify unauthorized access to the services.<\/li>\n<li>To ensure the correct users are modifying your resources, such as security groups, ad hoc audits can be performed, and any changes that do not conform to your organization&#8217;s best practices can be tracked.<\/li>\n<li>Get a deeper insight into your AWS charges, including which IAM users are subscribing to services, by tracking actions taken on your resources and assessing modifications or deletions.<\/li>\n<li>With CloudTrail Lake, incident logging is simplified by removing operational dependencies, and you&#8217;ll also have access to tools you can use to reduce your reliance on complex data pipelines that span multiple teams.<\/li>\n<\/ol>\n<h3 id=\"pricing\">5. Pricing<\/h3>\n<p>CloudTrail Lake is free to try for 30 days for new customers. After that, ingestion and data scanning are limited to 5GB each. Data storage is included at no charge.<br \/>\n<a href=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/CT6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-10609\" src=\"https:\/\/content.cloudthat.com\/resources\/wp-content\/uploads\/2022\/11\/CT6.png\" alt=\"CloudTrail Lake\" width=\"771\" height=\"256\" \/><\/a><\/p>\n<h3 id=\"conclusion\">6. Conclusion<\/h3>\n<p>From our discussion on CloudTrail Lake, we can conclude that it simplifies the CloudTrail implementation since it integrates collection, storage, processing, and optimization for analysis and query in one product. As a result, CloudTrail data can be queried and analyzed without implementing your own data pipeline.<\/p>\n<h3 id=\"aboutcloudthat\">7. 
About CloudThat<\/h3>\n<p>We here at\u00a0<a href=\"https:\/\/www.cloudthat.com\/\" target=\"_blank\" rel=\"noopener\"><strong>CloudThat<\/strong>\u00a0<\/a>are the official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner and Microsoft gold partner, helping people develop knowledge of the cloud and helping their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build\u00a0a robust\u00a0cloud computing ecosystem by disseminating\u00a0knowledge on technological intricacies within the cloud space.\u00a0Our blogs, webinars,\u00a0case studies, and white papers\u00a0enable all the stakeholders in the cloud computing sphere.<\/p>\n<p>Feel free to drop a comment or any queries that you have regarding AWS CloudTrail, CloudTrail Lake, or cloud adoption, and we will get back to you quickly. To get started, go through\u00a0our\u00a0<a href=\"https:\/\/www.cloudthat.com\/expert-advisory\/?utm_source=blog-website&amp;utm-medium=text-link&amp;utm_campaign=expert-advisory\"><strong>Expert Advisory\u00a0<\/strong><\/a>page\u00a0and\u00a0<a href=\"https:\/\/www.cloudthat.com\/managed-services-packages\/\"><strong>Managed Services Package<\/strong><\/a><strong>\u00a0<\/strong>that is\u00a0<a 
href=\"https:\/\/cloudthat.com\/?utm_source=blog-website&amp;utm-medium=text-link&amp;utm_campaign=cloudthat.com\/\"><strong>CloudThat<\/strong><\/a><strong>\u2019s<\/strong>\u00a0offerings.<\/p>\n","protected":false},"author":250,"featured_media":10869,"parent":0,"comment_status":"open","ping_status":"open","template":"","blog_category":[3606,3607],"user_email":"aishwaryaj@cloudthat.com","published_by":"324","primary-authors":"","secondary-authors":"","acf":[],"_links":{"self":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/10602"}],"collection":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/users\/250"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/comments?post=10602"}],"version-history":[{"count":1,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/10602\/revisions"}],"predecessor-version":[{"id":45736,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/10602\/revisions\/45736"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/media?parent=10602"}],"wp:term":[{"taxonomy":"blog_category","embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog_category?post=10602"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}