Posted On: Jun 5, 2023
AWS CloudTrail Lake now provides the ability to selectively start or stop ingestion of CloudTrail events into your CloudTrail Lake event data store. This capability enables you to collect events only for a specific time window for troubleshooting or security analysis without having to delete or recreate the event data store. When you stop ingestion, the event data store continues to retain ingested events based on its retention period. For audit purposes, CloudTrail generates events that capture the start and stop ingestion activity.
You can enable this feature in the CloudTrail console, by using the AWS Software Development Kits (SDKs), or AWS Command Line Interface (CLI). This feature is available in the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Canada (Central), Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Melbourne), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Milan), Europe (Paris), Europe (Stockholm), Middle East (Bahrain), Middle East (UAE), South America (São Paulo), AWS GovCloud (US-East), and AWS GovCloud (US-West).
To get started, see Working with CloudTrail Lake in the CloudTrail User Guide.