Coralogix provides a predefined Lambda function to easily forward your CloudTrail logs straight to the Coralogix platform.
Make sure you have CloudTrail enabled or create a trail in your AWS account and setup storage in your S3 bucket.
If you don’t have an active trail yet, you can find instructions in the AWS documentation. As with all of our AWS integrations, we have a published application on Serverless Application Repository.
1. Log into your AWS console.
2. Navigate to the AWS Coralogix-CloudTrail application page.
3. Scroll to the bottom of the page and fill in the relevant fields.
Note! Ensure that the region in which the CloudFormation application is being run is identical to the region in which the CloudTrail S3 bucket exists.
4. Check the checkbox:
I acknowledge that this app creates custom IAM roles and resource policies.
5. Click Deploy.
6. View your logs in your Coralogix dashboard.
Below is a table of references to the parameters you will see in the deployment screen.
|Application name||The name of the lambda function in your account|
|NotificationEmail||Should the lambda will fail to execute we can send an email to notify you via SNS|
(requires you have a working SNS, with a validated domain)
|S3BucketName||The name of the S3 bucket with CloudTrail logs to watch|
|ApplicationName||The name of the Coralogix application you wish to assign to this lambda|
(a good starting point will be
|CoralogixRegion||The Coralogix location region, possible options are [Europe, India, Singapore, US]|
|FunctionArchitecture||Lambda function architecture, possible options are [x86_64, arm64]|
|FunctionMemorySize||The maximum allocated memory this lambda may consume, the default is |
|FunctionTimeout||The maximum time in seconds the function may be allowed to run, the default is|
|PrivateKey||Your Coralogix secret key|
|SubsystemName||The subsystem name you wish to allocate to this log shipper |
(a good starting point may be your AWS account ID)
|S3KeyPrefix||The prefix of the path within the log, this way you can choose if only part of your bucket is shipped|
|S3KeySuffix||A filter for the suffix of the file path in your bucket, the default is |