AWS CloudTrail Lake launches enhanced analytics and cross-account data access

Posted on: Nov 21, 2024

AWS announces two significant enhancements to CloudTrail Lake, a managed data lake that enables you to aggregate, immutably store, and analyze your activity logs at scale:

• Comprehensive dashboard capabilities: A new "Highlights" dashboard provides an at-a-glance overview of your AWS activity logs including AI-powered insights (AI-powered insights is in preview). Additionally, we have added 14 new pre-built dashboards catering to various use cases such as security and operational monitoring. These dashboards provide a starting point to analyze trends, detect anomalies, and conduct efficient investigations across your AWS environments. For example, the security dashboard displays top access denied events, failed console login attempts, and more. You can also create custom dashboards with scheduled refreshes, tailoring your monitoring to specific needs.
• Cross-account sharing of event data stores: This feature allows you to securely share your event data stores with select IAM identities using Resource-Based Policies (RBP). These identities can then query the shared event data store within the same AWS Region where the event data store was created, facilitating more comprehensive analysis across your organization while maintaining security.

These features are available in all AWS Regions where AWS CloudTrail Lake is supported, except AI-powered insights on the “Highlights" dashboard, which is in preview in N. Virginia, Oregon, and Tokyo Regions. While these enhancements are available at no additional cost, standard CloudTrail Lake query charges apply when running queries to generate results or create visualizations for the CloudTrail Lake dashboards. To learn more, visit the AWS CloudTrail documentation or read our News Blog.