Coralogix provides a predefined Lambda function to easily forward your CloudTrail logs straight to the Coralogix platform.
Make sure you have CloudTrail enabled, or create a trail in your AWS account and set up storage in your S3 bucket.
If you don’t have an active trail yet, you can find instructions in the AWS documentation. As with all of our AWS integrations, we have a published application on the Serverless Application Repository.
1. Log into your AWS console.
2. Navigate to the AWS Coralogix-CloudTrail application page.
3. Scroll to the bottom of the page and fill in the relevant fields.
Note! Ensure that the region in which the CloudFormation application is being run is identical to the region in which the CloudTrail S3 bucket exists.
4. Check the checkbox: I acknowledge that this app creates custom IAM roles and resource policies.
5. Click Deploy.
6. View your logs in your Coralogix dashboard.
Below is a table of references to the parameters you will see in the deployment screen.
Parameter Name | Description |
---|---|
Application Name | Name of the lambda function in your account |
NotificationEmail | Failure notification email address. Requires a working SNS with a validated domain. |
S3BucketName | Name of the S3 bucket with CloudTrail logs to watch |
ApplicationName | Application name as it appears in your Coralogix UI, i.e. CloudTrail |
CoralogixRegion | Region [Europe, Europe2, India, Singapore, or US] associated with your Coralogix account domain. If you want to use a custom domain, leave this as default and enter the custom domain in the CustomDomain field. |
CustomDomain | Coralogix custom domain. Leave empty if you do not use a custom domain. |
FunctionArchitecture | Function supports x86_64 or arm64 |
FunctionMemorySize | Max memory for the function itself. Default is 1024. |
FunctionTimeout | Maximum time in seconds the function may be allowed to run. Default is 300. |
PrivateKey | Your Coralogix ‘Send Your Data’ API Key |
SsmEnabled | True if you want to store your Coralogix private_key as a secret and False if you do not |
Layer_ARN | Your Coralogix SecurityLayer ARN. Copy from the SSM serverless application on which the ARN was installed. |
SubsystemName | Subsystem name as it appears in your Coralogix UI, i.e. AWS account ID |
S3KeyPrefix | Prefix of the path within the log. Allows you to choose whether part or all of the bucket is shipped. |
S3KeySuffix | S3 path suffix to watch. Default is .json.gz. |
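
The following preflight check is an added example, not Coralogix code. It verifies the region note from step 3 and shows which object keys a given S3KeyPrefix / S3KeySuffix pair would select in a bucket that holds more than CloudTrail event files. The function names are hypothetical, the object keys are constructed, and it assumes the two parameters are plain starts-with / ends-with matches on the key, as in S3 event notification filters.

```python
# Added example: offline preflight for the region note and the S3KeyPrefix /
# S3KeySuffix parameters. All bucket data below is constructed.

def normalize_location(location_constraint):
    """Map a GetBucketLocation LocationConstraint value to a region name."""
    # S3 reports us-east-1 as null and may report eu-west-1 as legacy "EU".
    if not location_constraint:
        return "us-east-1"
    if location_constraint == "EU":
        return "eu-west-1"
    return location_constraint


def preflight(location_constraint, deploy_region, keys,
              key_prefix="", key_suffix=".json.gz"):
    """Check the region match and split keys into selected and skipped.

    Assumption: S3KeyPrefix and S3KeySuffix are plain starts-with / ends-with
    matches on the object key, as in S3 event notification filters.
    """
    bucket_region = normalize_location(location_constraint)
    selected = [k for k in keys
                if k.startswith(key_prefix) and k.endswith(key_suffix)]
    return {
        "bucket_region": bucket_region,
        "region_ok": bucket_region == deploy_region,
        "selected": selected,
        "skipped": [k for k in keys if k not in selected],
    }


# Constructed object keys (account ID and file names are placeholders).
SAMPLE_KEYS = [
    "AWSLogs/111122223333/CloudTrail/us-east-1/2024/01/15/"
    "111122223333_CloudTrail_us-east-1_20240115T0000Z_EXAMPLE.json.gz",
    "AWSLogs/111122223333/CloudTrail-Digest/us-east-1/2024/01/15/"
    "111122223333_CloudTrail-Digest_us-east-1_example-trail_us-east-1_20240115T000000Z.json.gz",
    "AWSLogs/111122223333/Config/us-east-1/2024/1/15/ConfigHistory/EXAMPLE.json.gz",
    "elb/access_log_EXAMPLE.log.gz",
]

if __name__ == "__main__":
    for prefix in ("AWSLogs/", "AWSLogs/111122223333/CloudTrail/"):
        result = preflight(None, "us-east-1", SAMPLE_KEYS, key_prefix=prefix)
        print(prefix, "region_ok =", result["region_ok"])
        for key in result["selected"]:
            print("  would ship:", key.split("/")[2])
```

The `location_constraint` input is the value returned by `aws s3api get-bucket-location`. With the broad prefix, digest and AWS Config objects also end in `.json.gz` and are selected; the prefix ending in `CloudTrail/` narrows the match to the event log files.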
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].