AWS CloudTrail
Coralogix provides a predefined Lambda function to forward your CloudTrail logs straight to the Coralogix platform using our app in the Serverless Application Repository.
Requirements
Active trail in your AWS account enabled and sending data to your S3 bucket
Permissions to create Lambda functions
Setup
1. Log in to your AWS console.
2. Navigate to the AWS Coralogix-CloudTrail application page.
3. Scroll to the bottom of the page and fill in the relevant fields.
Note! Ensure that the region in which the CloudFormation application is being run is identical to the region in which the CloudTrail S3 bucket exists.
4. Check the checkbox: I acknowledge that this app creates custom IAM roles and resource policies.
5. Click Deploy.
6. View your logs in your Coralogix dashboard.
Parameters & Details
Below is a table of references to the parameters you will see in the deployment screen.
Parameter Name | Description |
---|---|
Application Name | Name of the Lambda function in your account |
NotificationEmail | Failure notification email address. Requires a working SNS with a validated domain. |
S3BucketName | Name of the S3 bucket with CloudTrail logs to watch |
ApplicationName | Application name as it appears in your Coralogix UI, i.e. CloudTrail |
CoralogixRegion | Region associated with your Coralogix account domain. If you want to use a custom domain, leave this as default and input the custom domain in the CustomDomain field. |
CustomDomain | Coralogix custom domain. Leave empty if you do not use a custom domain. |
FunctionArchitecture | Function supports x86_64 or arm64 |
FunctionMemorySize | Max memory for the function itself. Default is 1024. |
FunctionTimeout | Maximum time in seconds the function may be allowed to run. Default is 300. |
ApiKey | Your Coralogix Send-Your-Data API key. If you have created a secret in AWS Secrets Manager, use the secret that contains your Coralogix Send-Your-Data API key. |
Layer_ARN | If using AWS Secrets Manager, this is the ARN of the Coralogix Lambda layer. If not, leave empty. |
CreateSecret | If you have created a secret in AWS Secrets Manager containing your Coralogix Send-Your-Data API key, set to False. |
SubsystemName | Subsystem name as it appears in your Coralogix UI, i.e. AWS account ID |
S3KeyPrefix | Prefix of the path within the log that allows you to choose whether part or all of the bucket is shipped |
S3KeySuffix | S3 path suffix to watch. Default is .json.gz. |
Best Practices
Customers should add the environment variable CORALOGIX_BUFFER_SIZE with value 268435456.
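One way to add that variable to the deployed function with boto3, shown as an added example that is not Coralogix's own code. Lambda's UpdateFunctionConfiguration replaces the function's whole variable map, so the code merges the new variable into the live configuration instead of sending it alone. The function name, the sample response and EXAMPLE_EXISTING_VAR are constructed placeholders.

```python
import json

BUFFER_VAR = "CORALOGIX_BUFFER_SIZE"  # name and value as given on this page
BUFFER_VALUE = "268435456"


def merged_environment(function_config, name=BUFFER_VAR, value=BUFFER_VALUE):
    """Build the Environment argument for UpdateFunctionConfiguration.

    The update replaces every variable on the function, so the current
    variables are copied first and the new one is set on top of them.
    """
    if not str(value).isdigit():
        raise ValueError(f"{name} must be a decimal integer, got {value!r}")
    current = (function_config.get("Environment") or {}).get("Variables") or {}
    variables = dict(current)  # copy, so the input is left untouched
    variables[name] = str(value)
    return {"Variables": variables}


def changed_keys(function_config, new_environment):
    """Names (never values, which may be secrets) that the update changes."""
    old = (function_config.get("Environment") or {}).get("Variables") or {}
    new = new_environment["Variables"]
    return sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))


def apply(function_name, region):
    """Read the live config, merge, update. Needs boto3 and AWS credentials."""
    import boto3  # imported here so the functions above run offline

    client = boto3.client("lambda", region_name=region)
    config = client.get_function_configuration(FunctionName=function_name)
    env = merged_environment(config)
    client.update_function_configuration(FunctionName=function_name, Environment=env)
    return changed_keys(config, env)


# Constructed sample of a GetFunctionConfiguration response (not real output).
SAMPLE_CONFIG = {
    "FunctionName": "example-coralogix-cloudtrail",
    "Environment": {"Variables": {"EXAMPLE_EXISTING_VAR": "keep-me"}},
}

if __name__ == "__main__":
    env = merged_environment(SAMPLE_CONFIG)
    print(json.dumps(env, indent=2))
    print("changed:", changed_keys(SAMPLE_CONFIG, env))
```

Review the list returned by `apply` after a run: it should contain only CORALOGIX_BUFFER_SIZE, which confirms that no existing variable was dropped or altered.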
Additional Resources
Documentation | Serverless Application Repository (Coralogix-CloudTrail) |
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].