Posted On: Jan 5, 2022

AWS announces the general availability of AWS CloudTrail Lake, a managed audit and security lake that allows you to aggregate, immutably store, and query your activity logs for auditing, security investigation, and operational troubleshooting.

CloudTrail Lake simplifies activity log analysis by integrating collection, storage, optimization, and query in the same product. By consolidating these features into one environment, CloudTrail Lake eliminates the need for separate data processing pipelines that span teams and products. An integrated SQL experience enables you to more easily query your CloudTrail data. CloudTrail Lake also features sample queries for common scenarios, such as collecting a user's activity, which help you get started with writing queries and can accelerate security investigations. With immutable event data storage and a default retention period of seven years, CloudTrail Lake can meet the compliance requirements of most users. CloudTrail Lake can also collect events from multiple AWS regions and accounts.

You can enable CloudTrail Lake in the CloudTrail console, by using the AWS Software Development Kits (SDKs), or by using the AWS Command Line Interface (CLI). CloudTrail Lake is currently available in the following regions: US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Canada (Central), Europe (Ireland), Europe (London), Europe (Paris), Europe (Frankfurt), Europe (Stockholm), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Osaka), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Mumbai), South America (Sao Paulo), Europe (Milan), Asia Pacific (Hong Kong), Middle East (Bahrain), and South Africa (Cape Town). To get started, see Working with CloudTrail Lake in the CloudTrail User Guide. You can also learn more about AWS CloudTrail Lake in this blog or visit the AWS CloudTrail page.