Simplify Cloud Data Auditing With AWS CLOUDTRAIL LAKE

March 20, 2022

TABLE OF CONTENTS

1. Introduction
2. Difference between CloudTrail Lake and CloudTrail
3. Setup
4. Use Cases
5. Pricing
6. Conclusion
7. About CloudThat

1. Introduction

CloudTrail Lake is a full-featured, self-contained, managed feature, independent of the traditional AWS CloudTrail service, that collects CloudTrail activity logs, processes them into immutable, secure, long-term storage, and allows SQL queries to be executed on them. The journey started back in 2013 when AWS launched CloudTrail. Right now, AWS provides CloudTrail free of cost for 90 days, during which you can see all your API activity for audit and security purposes. But if you want to store CloudTrail activity logs for more than 90 days, you must move them to an S3 bucket, and from there you can do log analysis.

AWS CloudTrail Lake allows you to:

  • aggregate activity logs
  • store activity logs immutably
  • query logs using SQL

Earlier, CloudTrail users had to use third-party applications to analyze the CloudTrail activity logs stored in the S3 bucket. In many cases, they needed to build data analysis solutions to analyze CloudTrail logs efficiently. Now, CloudTrail Lake provides a consolidated solution for log analysis and log management.

2. Difference between CloudTrail Lake and CloudTrail

[Figure: CloudTrail and CloudTrail Lake comparison table]

3. Setup

Let’s set up CloudTrail Lake in a few simple steps:

  1. Go to the AWS console and search for the CloudTrail service
  2. In the CloudTrail dashboard, click the “Lake” option in the sidebar
  3. Then click the “Create event data store” button, as shown in the figure below
    [Figure: CloudTrail Lake]
  4. Configure event data store
    Type in a name for the event data store. You can choose whether to include only the current region in the event data store, and whether to enable the event data store for all the accounts in the AWS Organization. In this case, there is only a single account and no AWS Organization has been formed, hence the second checkbox is disabled. Then, click “Next.”
  5. Choose events
    In this step, we can choose the event types we want to include in our event data store. Keep the default option as it is, then click on “Next.”
  6. Review and create
    We can review all the selected options for the event data store in the final step, and modify them if needed. Once the setup review is done, click “Create event data store.” The event data store is created with a few clicks, and with the help of the query editor we can then run SQL queries on the data and view the query results.

4. Use Cases

  1. Investigating a security incident is easy and efficient with CloudTrail Lake because it provides activity logs across all the accounts in the AWS Organization, which makes it easy to identify unauthorized access to services.
  2. To ensure the correct users are modifying your resources, such as security groups, ad hoc audits can be performed, and any changes that do not conform to your organization’s best practices can be tracked.
  3. Get deeper insight into your AWS charges, including which IAM users are subscribing to services, by tracking actions taken on your resources and assessing modifications or deletions.
  4. With CloudTrail Lake, incident logging is simplified by removing operational dependencies, and you also get tools that reduce your reliance on complex data pipelines spanning multiple teams.
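
Use cases 1 and 2 above translate directly into queries for the CloudTrail Lake editor. The two queries below are an added example, not part of the original post: `$EDS_ID` is a placeholder for your event data store ID, and the time window is a constructed sample value. Run each query separately.

```sql
-- Query A (use case 2): who changed security groups, from where, and in which account.
-- $EDS_ID is a placeholder for the event data store ID; the dates are sample values.
SELECT
    eventTime,
    eventName,
    userIdentity.arn  AS principal_arn,
    sourceIPAddress,
    awsRegion,
    recipientAccountId,
    -- NULL when the request carries no groupId (for example CreateSecurityGroup)
    element_at(requestParameters, 'groupId') AS group_id
FROM $EDS_ID
WHERE eventSource = 'ec2.amazonaws.com'
  AND eventName IN (
      'AuthorizeSecurityGroupIngress',
      'AuthorizeSecurityGroupEgress',
      'RevokeSecurityGroupIngress',
      'RevokeSecurityGroupEgress',
      'CreateSecurityGroup',
      'DeleteSecurityGroup'
  )
  AND eventTime > '2022-03-01 00:00:00'
  AND eventTime < '2022-03-20 00:00:00'
ORDER BY eventTime DESC

-- Query B (use case 1): principals with the most denied API calls,
-- a starting point for spotting unauthorized access attempts across accounts.
SELECT
    userIdentity.arn  AS principal_arn,
    recipientAccountId,
    eventSource,
    eventName,
    errorCode,
    COUNT(*)          AS denied_calls
FROM $EDS_ID
WHERE (errorCode LIKE 'AccessDenied%'
       OR errorCode LIKE '%UnauthorizedOperation')
  AND eventTime > '2022-03-01 00:00:00'
  AND eventTime < '2022-03-20 00:00:00'
GROUP BY userIdentity.arn, recipientAccountId, eventSource, eventName, errorCode
ORDER BY denied_calls DESC
LIMIT 50
```

Always bound `eventTime` in the `WHERE` clause: it keeps the audit scoped to the period under review and limits the amount of data each query scans.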

5. Pricing

CloudTrail Lake is free to try for 30 days for new customers. After that, ingestion and data scanning are limited to 5 GB each. Data storage is included at no charge.

6. Conclusion

From our discussion of CloudTrail Lake, we can conclude that it simplifies the CloudTrail implementation, since it integrates collection, storage, processing, and optimization for analysis and query in one product. As a result, CloudTrail data can be queried and analyzed without implementing your own data pipeline.

7. About CloudThat

We here at CloudThat are the official AWS (Amazon Web Services) Advanced Consulting Partner and Training Partner and a Microsoft Gold Partner, helping people develop knowledge of the cloud and helping their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

Feel free to drop a comment or any queries that you have regarding AWS CloudTrail, CloudTrail Lake, or cloud adoption, and we will get back to you quickly. To get started, go through our Expert Advisory page and Managed Services Package, which are CloudThat’s offerings.

