Quick tips for running SQL queries on CloudTrail events using AWS CloudTrail lake
Bhuvaneswari Subramani
Technology Leader | AWS Hero | AWS Ambassador | Global Speaker | Blogger
A comprehensive guide to storing CloudTrail logs in AWS CloudTrail Lake and using SQL queries to analyze the CloudTrail events stored in the lake.
AWS is a big container housing a huge list of varied services. Once you create an AWS account, there are multiple ways to create, update, delete or access AWS resources – the AWS Console, the AWS SDKs and the AWS CLI.
Well, ultimately each of these events is either user activity or an API call. Monitoring "who did what, where & when" is called account monitoring, and AWS CloudTrail was purpose-built for that in 2013. Since then, CloudTrail has been the single source of truth for tracking user activity and API usage.
AWS CloudTrail Lake was later launched in 2022 to aggregate, immutably store and query your activity logs, which simplifies auditing, security investigation and operational troubleshooting.
In one product, CloudTrail Lake collects, stores, optimizes, and queries activity logs. As a result of combining these features into one environment, CloudTrail Lake eliminates the need for separate data pipelines across teams and products.
Recently, AWS CloudTrail Lake has also extended support for integrating non-AWS event sources.
Irrespective of the data source, the success of the services depends on how the data is stored and how seamlessly it can be utilised or accessed. This article focuses on two important features, storing and querying from CloudTrail Lake.
So let's dive deep into the steps to store the CloudTrail logs in a CloudTrail Lake and run SQL queries on your CloudTrail events stored in AWS CloudTrail Lake.
Feel free to follow along with the blog to create a trail, then a CloudTrail Lake, and to create, run and validate a query.
The detailed clean-up instructions will help you take your account back to its original state after exploring CloudTrail Lake.
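As an added example (not from the original article), this is the kind of CloudTrail Lake SQL a practitioner runs to answer "who did what, where & when" over the stored events; the event data store ID is a placeholder, and the date range and the IAM event-source filter are assumptions you would adjust for your own investigation.

```sql
-- Added example, not from the original article.
-- Query 1: "who did what, where & when" for mutating (non read-only) API calls.
-- <EVENT_DATA_STORE_ID> is a placeholder for the ID of your event data store.
SELECT
    eventTime,                          -- when
    userIdentity.arn   AS principal,    -- who (IAM user, role session, etc.)
    eventSource,                        -- which AWS service was called
    eventName          AS api_call,     -- what was done
    awsRegion          AS region,       -- where
    sourceIPAddress,                    -- from where
    errorCode                           -- NULL when the call succeeded
FROM <EVENT_DATA_STORE_ID>
WHERE eventTime > '2023-01-01 00:00:00'       -- assumed time window
  AND eventTime < '2023-01-08 00:00:00'
  AND readOnly = false                        -- keep create/update/delete style calls
  AND eventSource = 'iam.amazonaws.com'       -- assumed focus: IAM changes
ORDER BY eventTime DESC
LIMIT 100;

-- Query 2: a security-investigation view of the same store, ranking principals
-- by the number of calls that were rejected with AccessDenied in the window.
SELECT
    userIdentity.arn   AS principal,
    COUNT(*)           AS denied_calls,
    MIN(eventTime)     AS first_seen,
    MAX(eventTime)     AS last_seen
FROM <EVENT_DATA_STORE_ID>
WHERE eventTime > '2023-01-01 00:00:00'
  AND eventTime < '2023-01-08 00:00:00'
  AND errorCode = 'AccessDenied'
GROUP BY userIdentity.arn
ORDER BY denied_calls DESC
LIMIT 20;
```

Both queries read only the standard CloudTrail event fields, so they work unchanged against any management-event data store; narrow or widen the time window first, since query cost scales with the data scanned.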