Securely share AWS CloudTrail Lake logs across accounts without replicating data
AWS Cloud Operations Blog
This article explains how to securely provide access to centralized AWS CloudTrail Lake logs across accounts in an AWS Organization.
Specifically, the article covers:
- Using AWS Lake Formation to set up data filters to selectively include specific account IDs from a CloudTrail Lake Organization Event Data Store
- Setting up cross-account sharing of the filtered CloudTrail Lake data using Lake Formation and Resource Access Manager (RAM)
- Verifying the filtered data access in the recipient account using Amazon Athena
- Automating the setup using AWS CloudFormation templates (optional)
- Cleaning up the resources created