AWS CloudTrail log collection via SNS trigger

Warning

The legacy Coralogix-CloudTrail-via-SNS SAR app is deprecated. For new deployments, use the unified Coralogix AWS Shipper, which supports CloudTrail-via-SNS using the IntegrationType and SNSTopicArn parameters. The parameter set differs from the legacy app described below; see the coralogix-aws-shipper repository for the current reference. These instructions will be migrated in a follow-up.

Coralogix provides a predefined Lambda function to easily forward your CloudTrail logs through SNS to the Coralogix platform. For easy setup, use our app in the AWS serverless application repository.

Prerequisites

Active CloudTrail account
Ready-made SNS topic with permissions SNS:Publish to the bucket
Ready-made CloudTrail S3 bucket with configured event notifications to the above SNS topic
AWS permissions to create Lambdas and IAM roles

Installation

STEP 1. Navigate to the Coralogix AWS Shipper application page.

STEP 2. Fill in the required parameters.

STEP 3. Click Deploy.

Parameters

Parameter	Description
Application Name	Stack name of the application created via AWS CloudFormation
ApplicationName	Application name as seen in the Coralogix UI
SubsystemName	Subsystem name as seen in the Coralogix UI
NotificationEmail	A notification email will be sent to this address via SNS if the Lambda fails. Requires you have a working SNS with a validated domain
S3BucketName	Name of the S3 bucket with CloudTrail logs to watch. Must be in the same region as the stack that you create
SNSTopicARN	ARN of the SNS topic. Must be in the same region as the S3 bucket
CoralogixRegion	Region associated with your Coralogix domain
FunctionArchitecture	Lambda function architecture. Possible options: x86_64, arm64
FunctionMemorySize	Maximum allocated memory this Lambda may consume. Do not change default, which is set to 1024.
FunctionTimeout	Maximum time (seconds) that the function may be allowed to run. Do not change default, which is set to 300.
PrivateKey	Coralogix Send-Your-Data API Key

Notes:

Do not change the **FunctionMemorySize** and **FunctionTimeout** parameters.

Additional Resources


Documentation	AWS CloudTrail

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].

Need help? Contact Support.

What's new? Find out here.

LLM? Read llms.txt.

Previous AWS EKS Fargate

Next AWS VPC flow logs Terraform module