Learn more about Streama© – the foundational technology behind our stateful streaming data platform. Learn More

AWS CloudTrail


Coralogix provides a predefined Lambda function to easily forward your CloudTrail logs straight to Coralogix.

Make sure you have CloudTrail enabled or create an AWS CloudTrail’s trail and setup storage in your S3 bucket

amazon-cloudtrail to coralogix integration storage location

The preferred and easiest integration method will be to use our aws Serverless Application Repository. Search for ‘coralogix’. Don’t forget to check the ‘Show apps that create custom IAM roles or resource policies’ box located just under the search field to see all available applications. Select your application of choice and click on it. You will see detailed instructions in the readme section on the left.


You can include SAM (Serverless Application Model) in your automation frameworks. If you need access to the latest and greatest Lambda code go to https://github.com/coralogix/coralogix-aws-serverless/tree/master/src.

The rest of this document describes a manual configuration of this integration and the Lambda associated with it and should be used if there is a need for special customization.

This document includes cluster dependent URL’s. Each URL has a variable part (in Italic). Please match this part with a row entry within the following table. Copy the table row entry located under the column that matches the top level domain of your Coralogix account (.com, .in etc.). Replace the variable part of the URL with this entry.

SSL Certificateshttps://coralogix-public.s3-eu-west-1.amazonaws.com/certificate/Coralogix-EU.crthttps://www.amazontrust.com/repository/AmazonRootCA1.pemhttps://coralogix-public.s3-eu-west-1.amazonaws.com/certificate/Coralogix-IN

1. Create an “author from scratch” Node.js 12.x runtime lambda with S3 read permission:

2. At “Code entry type” choose “Upload a ZIP file” and upload “s3ToCoralogixCloudTrail.zip

3. Add the mandatory environment variables: private_keyapp_namesub_name:
amazon-cloudtrail to coralogix integration environment variables

    • Private Key – A unique ID that represents your company. The private key can be found under ‘settings’->’ send your logs’. It is located in the upper left corner.
    • Application Name – Used to separate your environment, e.g. SuperApp-test/SuperApp-prod.
    • SubSystem Name – Your application probably has multiple subsystems, for example, Backend servers, Middleware, Frontend servers etc.
    • If your Coralogix account top level domain is not ‘.com’, add the following environment variable:
      CORALOGIX_URL=https://api.Cluster URL/api/v1/logs

4. Choose the S3 bucket you want to get triggered by and change the event type from “PUT” to “Object Created(All)”:
amazon-cloudtrail to coralogix integration configure triggers

5. Increase Memory to 1024MB and Timeout to 1min:
amazon-cloudtrail to coralogix integration memory settings

6. Click “save”.