Posted On: Nov 26, 2023
Starting today, AWS CloudTrail Lake data is now available for zero-ETL analysis in Amazon Athena. You can use Athena to query your activity logs in CloudTrail Lake without the operational complexity of moving data or building data processing pipelines. CloudTrail Lake is a managed data lake that lets you aggregate, immutably store, and analyze activity logs for audit, security, and operational investigations. Athena is an interactive query service that makes it simple to analyze data in Amazon S3 and other data stores using SQL. Using Athena, security engineers can now correlate activity logs in CloudTrail Lake with application and traffic logs in data stores such as S3 for security incident investigations. Compliance and operation engineers can now visualize activity logs in CloudTrail Lake with Amazon QuickSight and Amazon Managed Grafana for compliance, cost, and usage reporting.
To get started, share your CloudTrail Lake event data store(s) metadata with AWS Glue Data Catalog by turning on data federation in CloudTrail Lake. CloudTrail then creates the necessary Glue Data Catalog resources and registers the data with AWS Lake Formation, where you can specify the users and roles that can query your event data store with Athena. These actions can be performed using the console, APIs and CLI.ENnbsp;
This new capability is available in all AWS Regions where CloudTrail Lake is available. Queries performed by Amazon Athena on CloudTrail Lake data will be charged based on Athena pricing. Data in CloudTrail Lake will be charged based on CloudTrail Lake ingestion and retention pricing. To learn more, visit the documentation.