Breaking News from AWS re:Invent
Coralogix receives AWS Rising Star award!

Back to All Docs

AWS CloudTrail AWS CloudTrail

Last Updated: Nov. 27, 2023

Coralogix provides a predefined Lambda function to forward your CloudTrail logs straight to the Coralogix platform using our app in the Serverless Application Repository.


  • Active trail in your AWS account enabled and sending data to your S3 bucket
  • Permissions to create Lambda functions


1. Log in to your AWS console.

2. Navigate to the AWS Coralogix-CloudTrail application page.

3. Scroll to the bottom of the page and fill in the relevant fields.

Note! Ensure that the region in which the CloudFormation application is being run is identical to the region in which the CloudTrail S3 bucket exists.

4. Check the checkbox: I acknowledge that this app creates custom IAM roles and resource policies.

5. Click Deploy.

6. View your logs in your Coralogix dashboard.

Parameters & Details

Below is a table of references to the parameters you will see in the deployment screen.

Parameter NameDescription
Application NameName of the Lambda function in your account
NotificationEmailFailure notification email address
Requires a working SNS with a validated domain
S3BucketNameName of the S3 bucket with CloudTrail logs to watch
ApplicationNameApplication name as it appears in your Coralogix UI, i.e. CloudTrail
CoralogixRegionRegion associated with your Coralogix account domain
In case that you want to use a custom domain, leave this as default and input the custom domain in the CustomDomain field.
CustomDomainCoralogix custom domain
Leave empty if you do not use a custom domain.
FunctionArchitectureFunction supports x86_64 or arm64
FunctionMemorySizeMax memory for the function itself
Default is 1024.
FunctionTimeoutMaximum time in seconds the function may be allowed to run
Default is 300.
ApiKeyYour Coralogix Send-Your-Data API key
If you have created a secret in AWS Secrets Manager, use the secret that contains your Coralogix Send-Your-Data API key.
Layer_ARNIf using AWS Secrets Manager, this is the ARN of the Coralogix Lambda layer. If not, leave empty.
CreateSecretIf you have created a secret in AWS Secrets Manager containing your Coralogix Send-Your-Data API key, set to False.
SubsystemNameSubsystem name as it appears in your Coralogix UI, i.e. AWS account ID
S3KeyPrefixPrefix of the path within the log that allows you choose whether part or all of the bucket is shipped
S3KeySuffixS3 path suffix to watch
Default is .json.gz.

Best Practices

Customers should add environment variable CORALOGIX_BUFFER_SIZE with value 268435456.

Additional Resources

DocumentationServerless Application Repository (Coralogix-CloudTrail)


Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].

On this page