Coralogix provides a predefined Lambda function to easily forward your CloudTrail logs straight to the Coralogix platform.
Make sure you have CloudTrail enabled, or create a trail in your AWS account and set up storage in your S3 bucket.
If you don’t have an active trail yet, you can find instructions in the AWS documentation. As with all of our AWS integrations, we have a published application on Serverless Application Repository.
On the deployment screen, select the checkbox "I acknowledge that this app creates custom IAM roles and resource policies".
At this point, you should be able to see logs coming into your Coralogix account.
Below is a table of references to the parameters you will see in the deployment screen.
| Parameter | Description |
|---|---|
| Application name | The name of the Lambda function in your account |
| NotificationEmail | If the Lambda fails to execute, we can send an email to notify you via SNS (requires you have a working SNS, with a validated domain) |
| S3BucketName | The name of the S3 bucket with CloudTrail logs to watch |
| ApplicationName | The name of the Coralogix application you wish to assign to this Lambda (a good starting point will be |
| CoralogixRegion | The Coralogix location region, possible options are [Europe, India, Singapore, US] |
| FunctionArchitecture | Lambda function architecture, possible options are [x86_64, arm64] |
| FunctionMemorySize | The maximum allocated memory this Lambda may consume, the default is |
| FunctionTimeout | The maximum time in seconds the function may be allowed to run, the default is |
| PrivateKey | Your Coralogix secret key |
| SubsystemName | The subsystem name you wish to allocate to this log shipper (a good starting point may be your AWS account ID) |
| S3KeyPrefix | The prefix of the path within the log, this way you can choose if only part of your bucket is shipped |
| S3KeySuffix | A filter for the suffix of the file path in your bucket, the default is |
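
To see what S3KeyPrefix and S3KeySuffix select in a typical CloudTrail bucket, the added example below (not Coralogix's Lambda code) applies a prefix/suffix filter to constructed object keys and reads a constructed log object. It assumes plain starts-with/ends-with matching, as S3 event notification filters use, and the `.json.gz` suffix, account ID and file names are made-up sample values.

```python
import gzip
import json

ACCT = "111122223333"  # constructed account ID
# Constructed object keys laid out the way CloudTrail and other services write them.
SAMPLE_KEYS = [
    f"AWSLogs/{ACCT}/CloudTrail/us-east-1/2024/05/01/{ACCT}_CloudTrail_us-east-1_20240501T0000Z_a1b2.json.gz",
    f"AWSLogs/{ACCT}/CloudTrail-Digest/us-east-1/2024/05/01/{ACCT}_CloudTrail-Digest_us-east-1_demo.json.gz",
    f"AWSLogs/{ACCT}/Config/us-east-1/2024/5/1/ConfigSnapshot/snapshot.json.gz",
    "alb-logs/2024/05/01/app.log.gz",
]


def selected_keys(keys, prefix="", suffix=""):
    """Keys a prefix/suffix filter would pass (plain startswith/endswith, assumed)."""
    return [k for k in keys if k.startswith(prefix) and k.endswith(suffix)]


def cloudtrail_events(body):
    """Events in one CloudTrail log object: gzip-compressed JSON with a 'Records' list."""
    doc = json.loads(gzip.decompress(body))
    records = doc.get("Records")
    return records if isinstance(records, list) else []


def make_object(doc):
    """Build a constructed gzip JSON object body for the demo."""
    return gzip.compress(json.dumps(doc).encode("utf-8"))


# Constructed bodies: a log file with two events, and a digest-like file without Records.
LOG_BODY = make_object({"Records": [
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey"},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy"},
]})
DIGEST_BODY = make_object({"digestS3Bucket": "example-bucket", "logFiles": []})

if __name__ == "__main__":
    for prefix in ("", f"AWSLogs/{ACCT}/CloudTrail", f"AWSLogs/{ACCT}/CloudTrail/"):
        hits = selected_keys(SAMPLE_KEYS, prefix, ".json.gz")
        print(f"prefix={prefix!r}: {len(hits)} object(s) shipped")
    print([e["eventName"] for e in cloudtrail_events(LOG_BODY)])
    print(cloudtrail_events(DIGEST_BODY))
```

A prefix without the trailing slash also matches the `CloudTrail-Digest/` folder, whose files carry no `Records` list, so ending the prefix with `CloudTrail/` keeps digest files out of the shipped set.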