Posted On: Nov 28, 2022
AWS CloudTrail Lake now integrates with AWS Config to support ingestion and query of configuration items. Now you can query and analyze both configuration items and CloudTrail activity logs in CloudTrail Lake, thereby simplifying and streamlining your security and compliance investigations. CloudTrail Lake enables security teams to perform retrospective investigations by helping answer who made what configuration changes to resources associated with security incidents such as data exfiltration or unauthorized access. CloudTrail Lake helps compliance engineers investigate noncompliant changes to their production environments by relating AWS Config rules with noncompliant status to who and what resource changes triggered them. IT teams can perform historical asset inventory analysis on configuration items using CloudTrail Lake’s default seven-year data retention period.
It's easy to get started with ingesting and analyzing configuration items in CloudTrail Lake. First, you must enable recording in AWS Config. Next, you must create a CloudTrail Lake event data store using the CloudTrail Lake console, or using the AWS API or CLI to collect configuration items. This will allow newly-recorded configuration items from AWS Config, at an account or organization level, to be delivered to the specified CloudTrail Lake event data store. You can join queries in CloudTrail Lake across diverse event data sources, such as CloudTrail events or configuration items, for granular analysis. Sample queries are available in the CloudTrail Lake console to help you get started.
This new capability is available in all AWS Regions where AWS CloudTrail Lake is available. Please refer to CloudTrail Lake pricing to understand ingestion and query charges for using this feature. AWS Config charges also apply. For more details on this feature, see the product documentation.