Coralogix provides a predefined Lambda function to forward your CloudTrail logs straight to the Coralogix platform using our app in the [Serverless Application Repository](https://serverlessrepo.aws.amazon.com/applications/eu-central-1/597078901540/coralogix-aws-shipper). ## Requirements - [Active trail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html) in your AWS account enabled and sending data to your S3 bucket - Permissions to create Lambda functions ## Setup 1. Log in to your AWS console. 1. Navigate to the [Coralogix AWS Shipper](https://serverlessrepo.aws.amazon.com/applications/eu-central-1/597078901540/coralogix-aws-shipper) application page. 1. Scroll to the bottom of the page and fill in the relevant fields. **Note**! Ensure that the region in which the CloudFormation application is being run is **identical** to the region in which the CloudTrail S3 bucket exists. 1. Check the checkbox: `I acknowledge that this app creates custom IAM roles and resource policies`. 1. Click **Deploy**. 1. View your logs in your Coralogix dashboard. ## Parameters & Details Below is a table of references to the parameters you will see in the deployment screen. | Parameter Name | Description | | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Application Name** | Name of the Lambda function in your account | | **NotificationEmail** | Failure notification email address | | Requires a working SNS with a validated domain | | | **S3BucketName** | Name of the S3 bucket with CloudTrail logs to watch | | **ApplicationName** | [**Application name**](https://coralogix.com/docs/user-guides/account-management/account-settings/application-and-subsystem-names/index.md) as it appears in your Coralogix UI, i.e. `CloudTrail` | | **CoralogixRegion** | Region associated with your Coralogix account [**domain**](https://coralogix.com/docs/user-guides/account-management/account-settings/coralogix-domain/index.md) | | In case that you want to use a custom domain, leave this as default and input the `custom domain` in the CustomDomain field. | | | **CustomDomain** | Coralogix custom domain | | Leave empty if you do not use a custom domain. | | | **FunctionArchitecture** | Function supports x86_64 or arm64 | | **FunctionMemorySize** | Max memory for the function itself | | Default is 1024. | | | **FunctionTimeout** | Maximum time in seconds the function may be allowed to run | | Default is 300. | | | **ApiKey** | Your Coralogix **[Send-Your-Data API key](https://coralogix.com/docs/user-guides/account-management/api-keys/send-your-data-api-key/index.md)** | | If you have created a secret in **[AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html)**, use the secret that contains your Coralogix [**Send-Your-Data API key**](https://coralogix.com/docs/user-guides/account-management/api-keys/send-your-data-api-key/index.md). | | | **Layer_ARN** | If using **[AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html)**, this is the ARN of the Coralogix [**Lambda layer**](https://serverlessrepo.aws.amazon.com/applications/eu-central-1/597078901540/Coralogix-Lambda-SSMLayer)). If not, leave empty. | | **CreateSecret** | If you have created a secret in **[AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html)** containing your Coralogix [**Send-Your-Data API key**](https://coralogix.com/docs/user-guides/account-management/api-keys/send-your-data-api-key/index.md), set to False. | | **SubsystemName** | [**Subsystem name**](https://coralogix.com/docs/user-guides/account-management/account-settings/application-and-subsystem-names/index.md) as it appears in your Coralogix UI, i.e. AWS account ID | | **S3KeyPrefix** | Prefix of the path within the log that allows you choose whether part or all of the bucket is shipped | | **S3KeySuffix** | S3 path suffix to watch | | Default is `.json.gz`. | | ## Best Practices Customers should add environment variable `CORALOGIX_BUFFER_SIZE` with value `268435456`. ## Additional Resources | | | | ---------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | | External Documentation | [Serverless Application Repository](https://serverlessrepo.aws.amazon.com/applications/eu-central-1/597078901540/coralogix-aws-shipper) | ## **Support** **Need help?** Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up. Feel free to reach out to us **via our in-app chat** or by sending us an email at **[support@coralogix.com](mailto:support@coralogix.com)**.