TABLE OF CONTENTS
1. Introduction
2. Difference between CloudTrail Lake & CloudTrail
3. Setup
4. Use Cases
5. Pricing
6. Conclusion
7. CloudThat
1. Introduction
CloudTrail Lake is a fully featured, self-contained, managed feature that is independent of AWS CloudTrail. It collects CloudTrail activity logs and keeps them in immutable, secure long-term storage, where they can be queried with SQL. CloudTrail was launched by AWS in 2013. CloudTrail event history is currently free for 90 days and lets you view all API activity for auditing and security purposes. To keep CloudTrail activity logs for longer than 90 days, they must be delivered to an S3 bucket, and log analysis can then be done from there.
AWS CloudTrail Lake makes it possible to:
aggregate activity logs
store activity logs immutably
query logs with SQL
Previously, CloudTrail users had to rely on third-party applications to analyze the CloudTrail activity logs stored in the S3 bucket. CloudTrail logs can often be analyzed more efficiently than with those existing data analysis solutions, and CloudTrail Lake now provides a consolidated solution for log management and analysis.
2. CloudTrail Lake vs CloudTrail
3. Setup
Let’s set up CloudTrail Lake by following a few easy steps.
Search for the CloudTrail service in the AWS console.
Click the “Lake” option in the sidebar of the CloudTrail dashboard.
Next, click on the “Create Event Data Store” button as shown in this figure.
Configure event store: Type in a name. You can choose whether to include the current region in the event data store, and there is a checkbox to enable the event data store for all accounts in the AWS Organization. Here the second checkbox is disabled because there is only one account and no AWS Organization has been created. Then click “Next.”
Select events: In this step we can select the event types that we wish to include in our event data store. Keep the default option and click “Next.”
Review and create: Review the configuration and modify it if necessary. Once the review is complete, click “Create Event Data Store.” After the event data store has been created, the query editor lets you run SQL queries on the data.
4. Use Cases
CloudTrail Lake makes investigating security incidents easy and efficient. It provides activity logs across all accounts in the AWS Organization, which makes it easy to identify unauthorized access.
Ad-hoc audits are possible to ensure that only the right users are modifying your resources, such as security groups. Any changes not in line with your organization’s best practices can be tracked.
You can get a deeper understanding of your AWS charges by tracking the actions taken on your resources and assessing modifications or deletions.
CloudTrail Lake makes incident logging simple by eliminating operational dependencies. You’ll also have access to tools that reduce dependence on complex data pipelines spanning multiple departments.
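Two CloudTrail Lake queries for the investigations described above, added here as an example and not taken from the original post: the first surfaces principals whose API calls were denied (a starting point for spotting unauthorized access), the second lists security group changes for an ad-hoc audit. `<EVENT_DATA_STORE_ID>` is a placeholder for your own event data store ID, and the time window values are constructed samples.

```sql
-- Query 1: denied API calls grouped by principal, source IP and action.
-- <EVENT_DATA_STORE_ID> is a placeholder; the table name in CloudTrail Lake
-- is the ID of the event data store created in the Setup section.
SELECT userIdentity.arn AS principal_arn,
       sourceIPAddress,
       eventSource,
       eventName,
       count(*)         AS denied_calls
FROM <EVENT_DATA_STORE_ID>
WHERE eventTime > '2023-01-01 00:00:00'          -- constructed sample window
  AND eventTime < '2023-01-08 00:00:00'
  AND errorCode IN ('AccessDenied',
                    'UnauthorizedOperation',
                    'Client.UnauthorizedOperation')   -- EC2 spells it this way
GROUP BY userIdentity.arn, sourceIPAddress, eventSource, eventName
ORDER BY denied_calls DESC
LIMIT 50;

-- Query 2: who changed security groups, when, from where, and which group.
-- requestParameters is a map, so element_at() pulls out the groupId key.
SELECT eventTime,
       userIdentity.arn AS principal_arn,
       awsRegion,
       eventName,
       element_at(requestParameters, 'groupId') AS group_id,
       sourceIPAddress
FROM <EVENT_DATA_STORE_ID>
WHERE eventSource = 'ec2.amazonaws.com'
  AND eventName IN ('AuthorizeSecurityGroupIngress',
                    'AuthorizeSecurityGroupEgress',
                    'RevokeSecurityGroupIngress',
                    'RevokeSecurityGroupEgress',
                    'CreateSecurityGroup',
                    'DeleteSecurityGroup')
  AND eventTime > '2023-01-01 00:00:00'          -- constructed sample window
ORDER BY eventTime DESC;
```

Compare the principals and source IPs returned by the second query against the owners you expect for those groups; anything unexpected is a candidate for follow-up with the first query.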
5. Pricing
CloudTrail Lake is available for free for new customers for 30 days. After that, data scanning and ingestion are limited to 5 GB. Data storage is free.
6. Conclusion
CloudTrail Lake is a product that integrates storage, processing, and query optimization for analysis. CloudTrail data can be queried and analyzed without having to build your own data pipeline.
7. About CloudThat
CloudThat is the official AWS partner.