
Amazon Web Services (AWS) CloudTrail

Last Updated: Feb. 01, 2023

Coralogix provides a predefined Lambda function to easily forward your CloudTrail logs straight to the Coralogix platform.

Make sure CloudTrail is enabled, or create a trail in your AWS account and set up storage in your S3 bucket.

If you don’t have an active trail yet, you can find instructions in the AWS documentation. As with all of our AWS integrations, we have a published application on Serverless Application Repository.


  • Active trail in your AWS account
  • Permissions to create Lambda functions


1. Log into your AWS console.

2. Navigate to the AWS Coralogix-CloudTrail application page.

3. Scroll to the bottom of the page and fill in the relevant fields.

Note! Ensure that the region in which the CloudFormation application is being run is identical to the region in which the CloudTrail S3 bucket exists.

4. Check the checkbox: I acknowledge that this app creates custom IAM roles and resource policies.

5. Click Deploy.

6. View your logs in your Coralogix dashboard.

Parameters & Details

Below is a table of references to the parameters you will see in the deployment screen.

| Parameter Name | Description |
|---|---|
| Application name | The name of the Lambda function in your account |
| NotificationEmail | If the Lambda fails to execute, we can send an email to notify you via SNS (requires a working SNS with a validated domain) |
| S3BucketName | The name of the S3 bucket with CloudTrail logs to watch |
| ApplicationName | The name of the Coralogix application you wish to assign to this Lambda (a good starting point will be CloudTrail) |
| CoralogixRegion | The Coralogix location region; possible options are [Europe, India, Singapore, US] |
| FunctionArchitecture | Lambda function architecture; possible options are [x86_64, arm64] |
| FunctionMemorySize | The maximum allocated memory this Lambda may consume; the default is 1024 |
| FunctionTimeout | The maximum time in seconds the function may be allowed to run; the default is 300 |
| PrivateKey | Your Coralogix secret key |
| SubsystemName | The subsystem name you wish to allocate to this log shipper (a good starting point may be your AWS account ID) |
| S3KeyPrefix | The prefix of the path within the log, so you can choose to ship only part of your bucket |
| S3KeySuffix | A filter for the suffix of the file path in your bucket; the default is .json.gz |
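
A pre-deployment check for the region note and the S3KeyPrefix/S3KeySuffix parameters above, added here as an example and not part of Coralogix's own code. It takes the JSON printed by `aws s3api get-bucket-location` and assumes the two key filters are literal starts-with/ends-with matches; the account ID, trail name and object keys are constructed samples.

```python
import json

# Constructed sample keys in CloudTrail's documented bucket layout
# (111122223333 is a placeholder account ID, not a real trail).
SAMPLE_KEYS = [
    "AWSLogs/111122223333/CloudTrail/eu-west-1/2023/02/01/"
    "111122223333_CloudTrail_eu-west-1_20230201T0000Z_AbCdEfGh12345678.json.gz",
    "AWSLogs/111122223333/CloudTrail-Digest/eu-west-1/2023/02/01/"
    "111122223333_CloudTrail-Digest_eu-west-1_demo-trail_eu-west-1_20230201T000000Z.json.gz",
]


def bucket_region(get_bucket_location_json):
    """Normalise `aws s3api get-bucket-location` output to a region name."""
    constraint = json.loads(get_bucket_location_json).get("LocationConstraint")
    if constraint is None:   # S3 reports us-east-1 buckets as null
        return "us-east-1"
    if constraint == "EU":   # legacy alias still returned for eu-west-1
        return "eu-west-1"
    return constraint


def key_selected(key, prefix="", suffix=".json.gz"):
    """Assumption: S3KeyPrefix/S3KeySuffix are literal starts-with/ends-with filters."""
    return key.startswith(prefix) and key.endswith(suffix)


def precheck(deploy_region, location_json, keys, prefix="", suffix=".json.gz"):
    """Return a list of problems; an empty list means the settings look consistent."""
    problems = []
    region = bucket_region(location_json)
    if region != deploy_region:
        problems.append(f"region mismatch: bucket is in {region}, deploying to {deploy_region}")
    shipped = [k for k in keys if key_selected(k, prefix, suffix)]
    if not shipped:
        problems.append("no sample key matches S3KeyPrefix/S3KeySuffix")
    digests = [k for k in shipped if "/CloudTrail-Digest/" in k]
    if digests:
        problems.append(f"{len(digests)} digest file(s) also match; narrow S3KeyPrefix")
    return problems


if __name__ == "__main__":
    print(precheck("us-east-1", '{"LocationConstraint": "eu-central-1"}', SAMPLE_KEYS))
    print(precheck("eu-west-1", '{"LocationConstraint": "EU"}', SAMPLE_KEYS,
                   prefix="AWSLogs/111122223333/CloudTrail/"))
```

With the default suffix and an empty prefix, CloudTrail digest files match as well as log files, which is why the second call narrows S3KeyPrefix to the `CloudTrail/` folder.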
