We're launching a new cybersecurity venture! Learn more about Snowbit >

Create an Account Request Demo

AWS CloudTrail AWS CloudTrail

Last Updated: Mar. 30, 2022

Coralogix provides a predefined Lambda function to easily forward your CloudTrail logs straight to the Coralogix platform.

Make sure you have CloudTrail enabled or create a trail in your AWS account and setup storage in your S3 bucket.

If you don’t have an active trail yet, you can find instructions in the AWS documentation. As with all of our AWS integrations, we have a published application on Serverless Application Repository.

Requirements

  • Active trail in your AWS account
  • Permissions to create lambda functions

Setup

  • Log into your AWS console
  • Navigate to AWS Coralogix-CloudTrail Application page.
  • Scroll to the bottom of the page and fill in the relevant fields.
  • Be sure to check the checkbox: I acknowledge that this app creates custom IAM roles and resource policies
  • Click Deploy

At this point, you should be able to see logs coming into your Coralogix account.

Parameters & Details

Below is a table of references to the parameters you will see in the deployment screen.

Parameter NameDescription
Application nameThe name of the lambda function in your account
NotificationEmailShould the lambda will fail to execute we can send an email to notify you via SNS
(requires you have a working SNS, with a validated domain)
S3BucketNameThe name of the S3 bucket with CloudTrail logs to watch
ApplicationNameThe name of the Coralogix application you wish to assign to this lambda
(a good starting point will be CloudTrail)
CoralogixRegionThe Coralogix location region, possible options are [Europe, India, Singapore, US]
FunctionArchitectureLambda function architecture, possible options are [x86_64, arm64]
FunctionMemorySizeThe maximum allocated memory this lambda may consume, the default is 1024
FunctionTimeoutThe maximum time in seconds the function may be allowed to run, the default is 300
PrivateKeyYour Coralogix secret key
SubsystemNameThe subsystem name you wish to allocate to this log shipper
(a good starting point may be your AWS account ID)
S3KeyPrefixThe prefix of the path within the log, this way you can choose if only part of your bucket is shipped
S3KeySuffixA filter for the suffix of the file path in your bucket, the default is .json.gz

On this page