Enhancing your cloud visibility and investigations with new features added to AWS CloudTrail Lake
This post covers recent updates to AWS CloudTrail Lake, a managed data lake for auditing, security investigations, and operational troubleshooting. It lets you aggregate, immutably store, and query the events that AWS CloudTrail records.
The most recent CloudTrail Lake upgrades are:
- Improved options for filtering CloudTrail events
- Cross-account sharing of event data stores
- Generative AI-powered natural language query generation, now generally available
- Generative AI-powered query result summarization, in preview
- Comprehensive dashboard features: a suite of 14 pre-built dashboards for different use cases, the option to build custom dashboards with scheduled refreshes, and a high-level overview dashboard with AI-powered insights (the AI-powered insights are in preview)
Let’s examine each of the new features individually.
Improved options for filtering the CloudTrail events ingested into event data stores
The improved event filtering options give you finer control over which CloudTrail events are ingested into your event data stores. Because you decide which AWS activity data lands in the store, security, compliance, and operational investigations become more focused and accurate. Ingesting only the most relevant events also lowers the cost of your analytical workflow, since CloudTrail Lake charges for ingestion and for the data your queries scan.
Both management and data events can be filtered on attributes such as sessionCredentialFromConsole, userIdentity.arn, eventSource, eventType, and eventName.
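To make the new filtering concrete, here is an added example (not AWS code) that defines an advanced event selector using the attributes named above and evaluates it locally against constructed sample records, so you can see which events would be admitted before you apply the selector to a live event data store. The selector's intent (keep management events, drop console-session activity and read-only Describe/List/Get calls) is an assumption for illustration; the `eventCategory` field and the Equals/NotEquals/StartsWith-style operators are the documented advanced event selector vocabulary, while the matcher itself is a local approximation of CloudTrail's evaluation, not the service.

```python
# Added example (assumed intent, not AWS code): ingest management events but skip
# console-session activity and noisy read-only Describe/List/Get calls. Pass
# json.dumps(ADVANCED_EVENT_SELECTORS) to `aws cloudtrail update-event-data-store --advanced-event-selectors`.
ADVANCED_EVENT_SELECTORS = [{
    "Name": "Management events minus console sessions and read-only calls",
    "FieldSelectors": [
        {"Field": "eventCategory", "Equals": ["Management"]},
        {"Field": "sessionCredentialFromConsole", "NotEquals": ["true"]},
        {"Field": "eventName", "NotStartsWith": ["Describe", "List", "Get"]},
    ],
}]

# Values inside one field selector are OR'd, field selectors are AND'd, and
# separate selectors are OR'd: an event is ingested if any selector matches.
_OPS = {
    "Equals": lambda v, pats: any(v == p for p in pats),
    "NotEquals": lambda v, pats: all(v != p for p in pats),
    "StartsWith": lambda v, pats: any(v.startswith(p) for p in pats),
    "NotStartsWith": lambda v, pats: not any(v.startswith(p) for p in pats),
    "EndsWith": lambda v, pats: any(v.endswith(p) for p in pats),
    "NotEndsWith": lambda v, pats: not any(v.endswith(p) for p in pats),
}

def _field(event, dotted):
    """Resolve a dotted field such as userIdentity.arn; a missing field reads as ''."""
    for part in dotted.split("."):
        event = event.get(part, "") if isinstance(event, dict) else ""
    return str(event)

def matches(event, selectors=ADVANCED_EVENT_SELECTORS):
    """True if every field selector of at least one selector holds for the event."""
    return any(
        all(_OPS[op](_field(event, fs["Field"]), pats)
            for fs in sel["FieldSelectors"] for op, pats in fs.items() if op != "Field")
        for sel in selectors)

# Constructed sample records (not real log data), trimmed to the fields used here.
def _ev(category, source, name, **extra):
    arn = "arn:aws:iam::111111111111:user/alice"
    return {"eventCategory": category, "eventSource": source, "eventName": name,
            "eventType": "AwsApiCall", "userIdentity": {"arn": arn}, **extra}
SAMPLE_EVENTS = [
    _ev("Management", "iam.amazonaws.com", "CreateUser"),
    _ev("Management", "ec2.amazonaws.com", "DescribeInstances"),
    _ev("Management", "s3.amazonaws.com", "PutBucketPolicy", sessionCredentialFromConsole="true"),
    _ev("Data", "s3.amazonaws.com", "PutObject"),
]
def ingested(events=SAMPLE_EVENTS, selectors=ADVANCED_EVENT_SELECTORS):
    """Names of the events the selector would admit into the event data store."""
    return [e["eventName"] for e in events if matches(e, selectors)]
```

Running `ingested()` on the sample records returns only `CreateUser`: the Describe call, the console-session change, and the S3 data event are all dropped, which is the cost and noise reduction the filtering is meant to deliver.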
Sharing event data stores across accounts
Event data stores can now be shared across accounts to make collaborative analysis easier. Resource-based policies (RBPs) let you securely share an event data store with specific AWS principals. Authorized principals can then query the shared event data store from within the AWS Region in which it was created.
CloudTrail Lake’s generative AI-powered natural language query generation is now generally available
AWS announced this feature in preview for CloudTrail Lake in June. With this launch, you can explore and analyze your AWS activity logs (management, data, and network activity events only) without deep SQL knowledge by generating SQL queries from natural language prompts. Generative AI turns a natural language question into a ready-to-run SQL query that you can execute in the CloudTrail Lake console, making it easier to explore event data stores and to pull out information such as error counts, the most used services, and the causes of failures. The capability is also available through the AWS Command Line Interface (AWS CLI) for users who prefer working from the command line.
Preview of the CloudTrail Lake generative AI-powered query result summarizing feature
To further streamline the review of AWS account activity, AWS is launching an AI-powered query results summary feature in preview, building on natural language query generation. It automatically summarizes the main points of your query results in natural language, so you spend less time and effort interpreting them and can quickly extract insights from your AWS activity logs (management, data, and network activity events only).
Extensive dashboard functionality
CloudTrail Lake’s new dashboard features improve visibility and analysis across your AWS deployments.
The first is a Highlights dashboard that gives you a concise overview of the management and data events stored in your CloudTrail Lake event data stores. Key facts, such as the most frequent failed API calls, patterns in unsuccessful login attempts, and spikes in resource creation, are quicker to find and understand with this dashboard, which also highlights unusual patterns or anomalies in the data.
Now available
AWS CloudTrail Lake’s new features are a significant step toward a complete audit logging and analysis solution. By enabling deeper understanding and faster investigation, they support more proactive monitoring and quicker incident resolution across your entire AWS environment.
Generative AI-powered natural language query generation in CloudTrail Lake is now available in the US East (N. Virginia), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), and Europe (London) AWS Regions.
The preview of the CloudTrail Lake generative AI-powered query results summary feature is available in the Asia Pacific (Tokyo), US East (N. Virginia), and US West (Oregon) Regions.
The improved filtering options, cross-account sharing of event data stores, and dashboards are available in all Regions where CloudTrail Lake is offered, with one exception: the generative AI-powered summarization on the Highlights dashboard is available only in the US East (N. Virginia), US West (Oregon), and Asia Pacific (Tokyo) Regions.
CloudTrail Lake pricing
CloudTrail Lake query charges apply when you run queries. See AWS CloudTrail pricing for details.