Posted On: Sep 20, 2022
AWS CloudTrail Lake now supports the ability to import CloudTrail event logs from an Amazon Simple Storage Service (Amazon S3) bucket to CloudTrail Lake. You can bring your existing CloudTrail logs into an existing or new CloudTrail Lake event data store. This lets you consolidate historical CloudTrail event logs with new CloudTrail events collected in CloudTrail Lake into a single event data store in CloudTrail Lake. Once you have created your consolidated event data store in CloudTrail Lake, you can use it to run queries on all your logs, including events brought over from your trails.
The CloudTrail Lake import capability supports copying logs from an Amazon S3 bucket that stores logs from across multiple AWS accounts (from an organization trail) and multiple AWS Regions. You can also copy logs from individual accounts and single-region trails. The import capability also lets you specify an import date range, so that you only import the subset of logs that are needed for long-term storage and analysis in CloudTrail Lake.
The import feature is available in the following AWS Regions: US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Canada (Central), Europe (Ireland), Europe (London), Europe (Paris), Europe (Frankfurt), Europe (Stockholm), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Osaka), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Mumbai), and South America (Sao Paulo). To get started, see Working with CloudTrail Lake in the CloudTrail User Guide. You can also learn more about AWS CloudTrail Lake in this Cloud Operations blog or visit the AWS CloudTrail page. For pricing of this feature, please refer to CloudTrail Pricing.