Posted On: May 9, 2023

AWS CloudTrail Lake, a managed data lake that lets organizations aggregate, immutably store, and query their audit and security logs for auditing, security investigations and operational troubleshooting, now supports all Presto SQL SELECT query functions, making queries over that data easier and more flexible. This release adds support for popular query functions such as REGEXP_EXTRACT, for sophisticated pattern matching such as finding all S3 requests made on a specific S3 bucket prefix, and UNNEST, which expands an array such as resources so that you can query over its objects, like resourceType. With this release, you can also add comments within the query for better readability.
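The S3 prefix case mentioned above, as an added example (not one of AWS's sample queries): it counts requests per principal and per first-level folder under one key prefix. `EVENT_DATA_STORE_ID`, `example-bucket`, the `reports/2023/` prefix and the start date are placeholders, and the query assumes the event data store collects S3 data events and exposes `requestParameters` as a string map.

```sql
-- Added example: who touched objects under s3://example-bucket/reports/2023/ ?
-- Replace EVENT_DATA_STORE_ID with the ID of your event data store (placeholder).
SELECT
    userIdentity.arn AS principal_arn,
    eventName,
    -- Capture group 1 is the first path segment after the prefix,
    -- e.g. 'finance' for the key 'reports/2023/finance/q1.csv'.
    REGEXP_EXTRACT(
        element_at(requestParameters, 'key'),
        '^reports/2023/([^/]+)', 1
    ) AS sub_prefix,
    COUNT(*) AS request_count,
    MIN(eventTime) AS first_seen,
    MAX(eventTime) AS last_seen
FROM EVENT_DATA_STORE_ID
WHERE eventSource = 's3.amazonaws.com'
    AND element_at(requestParameters, 'bucketName') = 'example-bucket'
    -- Bucket-level events carry no 'key' entry; the NULL comparison drops them.
    AND element_at(requestParameters, 'key') LIKE 'reports/2023/%'
    AND eventTime > '2023-05-01 00:00:00'
GROUP BY
    userIdentity.arn,
    eventName,
    REGEXP_EXTRACT(
        element_at(requestParameters, 'key'),
        '^reports/2023/([^/]+)', 1
    )
ORDER BY request_count DESC
```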

To help you get started, the sample queries page in the CloudTrail Lake console provides sample queries that use the newly supported Presto functions. For more information, see Viewing sample queries in the CloudTrail console.

The new function coverage is available in all commercial and AWS GovCloud (US) Regions where Amazon CloudTrail Lake is available. To learn more, visit the documentation.