Ingesting activity events from non-AWS sources to AWS CloudTrail Lake
Blog
This article demonstrates how to ingest non-AWS activity events into AWS CloudTrail Lake, using Google Cloud Platform audit logs as an example.
- CloudTrail Lake now supports ingesting activity events from non-AWS sources for unified audit logging
- Solution uses Lambda, EventBridge Scheduler, and Secrets Manager to poll GCP Pub/Sub and ingest logs
- Failed ingestions are forwarded to SQS FIFO queue for error handling and retry
- Requires GCP Pub/Sub topic, sink configuration, and service account key setup
- Deploy using SAM CLI with CloudFormation stack parameters for customization
- Query ingested events using SQL-based CloudTrail Lake queries for security analysis
- Lambda function scheduled to run every 5 minutes for continuous log ingestion
This solution enables organizations to consolidate audit logs from hybrid environments into a single managed data lake for compliance and security investigations.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.