Streamline the process of ingesting and analyzing logs from your AWS resources using our automated AWS CloudTrail via S3 with Terraform integration package.
Overview
AWS CloudTrail is an Amazon Web Services (AWS) service that helps you enable operational and risk auditing, governance, and compliance of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail.
Coralogix ingests the logs stored in your Amazon S3 bucket and process them for further analysis and monitoring.
Sending CloudTrail logs to Coralogix via Terraform provides a streamlined and automated approach to configure and manage the necessary AWS resources for CloudTrail log delivery.
Benefits
Use the AWS CloudTrail via S3 with Terraform integration package to enjoy:
Robust Security Monitoring. Terraform and Coralogix together offer a unified solution to send AWS CloudTrail logs, ensuring a centralized and robust security audit trail. Rapidly detect and respond to potential security threats or unauthorized access.
Swift Incident Response. Coralogix’s real-time visibility, driven by Terraform, accelerates incident response by quickly identifying and analyzing unusual patterns or suspicious activities in AWS CloudTrail logs.
Efficient Compliance. Terraform automation guarantees consistent delivery of CloudTrail logs to Coralogix, streamlining compliance management and providing a centralized solution for auditing and reporting.
Comprehensive Infrastructure Monitoring. The integration of CloudTrail logs with Coralogix via Terraform allows for a holistic view of your AWS infrastructure, enabling correlation with other logs and metrics for comprehensive monitoring and troubleshooting.
Scalable Configuration. Terraform’s infrastructure as code ensures scalable and repeatable deployment of CloudTrail log forwarding, adapting seamlessly to changes in your AWS environment and supporting both small and large-scale infrastructures.
Configuration
STEP 1. From your Coralogix toolbar, navigate to Data Flow > Extensions.
STEP 2. In the Integrations section, select AWS CloudTrail via S3 with Terraform.
STEP 3. Click + SETUP INTEGRATION.
STEP 4. Input your integration details.
Integration Name. Enter a name for your integration.
Authentication Type. Select the authentication type: API Key or Existing Secret.
If using an API key, enter your Send-Your-Data API key or click CREATE A NEW KEY to create a new API key for the integration.
If using an existing secret, enter the secret name.
Application Name. Enter an application name. The default name is AWS.
Subsystem Name. Enter a subsystem name. The default name is CloudTrail.
Enable AWS Secrets Manager (Advanced Settings). Enabling AWS Secrets Manager is necessary if you want to keep your Send-Your-Data API key as a secret in AWS Secrets Manager.
Lambda Layer ARN (Advanced Settings). If you are using Secret Manager, this is the ARN of the Coralogix Security lambda layer.
Newline Pattern (Advanced Settings). The pattern for where to split new lines.
Blocking Pattern (Advanced Settings). [Optional] The pattern for line blocking.
Buffer Size (Advanced Settings). The Coralogix logger buffer size. Default is 134217728.
Sampling Rate (Advanced Settings). Allows you to send messages with a specific sampling rate. Default is 1.
Oh no!We didn’t find anything for “”,
