Onboard to Amazon CloudTrail Lake - Amazon CloudTrail
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Onboard to Amazon CloudTrail Lake

This section describes the prerequisites and steps to onboard your partner application to CloudTrail Lake.

Prerequisites

The following are requirements for performing tasks in this guide.

  • Amazon provides partner tiers (Select, Advanced, Premier) to recognize organizations that have proven technical expertise and demonstrated customer experience. You must be at least an Amazon Select Tier Partner. To reach a tier, you must first meet all of that tier's requirements.

    For more information about how to become an Amazon Select Tier partner, see Become an Amazon Partner.

Step 1: Partner registration

To get started, register as an Amazon Partner in the Amazon Partner Network.

Be sure to complete the partner intake forms in full. The partner CloudTrail Lake intake forms collect information that the Amazon Partner Network uses to create your partner product profile. This profile gives the CloudTrail team the information that we add to your partner provider description, which is displayed in the CloudTrail console. Your profile also includes information that CloudTrail uses to confirm the integrity of the event source as CloudTrail Lake receives events from a partner application.

  1. Get started by joining the Amazon Partner Network, and informing your Amazon Partner Network team that you want to become a partner with CloudTrail Lake.

  2. Get onboarding materials—including partner onboarding forms and the CloudTrail event schema—from the Amazon Partner Network team.

  3. Complete the partner onboarding forms, and share the completed forms with your Amazon Partner Network team. You might not yet have all required details. If you have questions, contact your Amazon Partner Network team.

Step 2: Build the integration

Build the integration that is required to send event logs to CloudTrail Lake.

  1. Review the CloudTrail integration event schema in this guide. The CloudTrail event schema provides a consistent way to log activity events for audit needs. This eliminates the need for time-consuming data standardization efforts before a cross-source analysis. CloudTrail Lake cannot accept events that do not follow the prescribed schema.

  2. Determine the events that you want to send. CloudTrail Lake accepts only activity events, that is, events that help customers understand who did what, and when. Typically, partners already have mechanisms that give their customers access to activity logs. The schema mapping exercise helps you exclude non-activity events. Contact your Amazon Partner Network team if you need help narrowing down event types.

  3. Build your integration architecture to send activity events to CloudTrail Lake. This includes offering a setup framework (a GUI is preferred) and documentation for customers to enable your partner application to send events to CloudTrail Lake. As part of the integration process, the partner customer must share a CloudTrail channel Amazon Resource Name (ARN) with the partner.

    1. To send events to CloudTrail Lake, the partner calls the PutAuditEvents API, specifying the channel ARN provided by the customer. If the channel's resource policy includes an external ID, you must also pass the external ID when you call PutAuditEvents.

    2. The partner inspects the PutAuditEvents response for events that failed delivery and resends only those events by calling the PutAuditEvents API again.

Best practices and quotas

As you integrate partner solution events, be aware of the following best practices, quotas, and limitations.

  • Schema mapping: Be sure that the required fields are present in the eventData block. Events that are missing required fields are rejected with errors. For information about required fields, see Understanding the CloudTrail Lake event schema.

    You can add event fields that do not map to the schema to the additionalEventData field. Some partners use this field to include the entire, raw event.

  • Batching events: When you call the PutAuditEvents API, you can batch up to 100 events in a single API call, as long as no single event is larger than 256 KB and the total size of all events in the call is less than 1 MB. For more information about quotas in CloudTrail, see Quotas in Amazon CloudTrail in the Amazon CloudTrail User Guide.
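The following is an added example that is not part of this guide and not AWS SDK code. It ties together the Step 2 procedure (map events to the schema, call PutAuditEvents with the customer's channel ARN and external ID, resend only the failed events) and the schema-mapping and batching points in this section. Assumptions: the required field names and the eventData layout follow the CloudTrail Lake integration schema as recalled here, so verify them against the schema you receive from your APN team; the eventSource value, the sample partner records, the channel ARN and the external ID are hypothetical; and the transport callable stands in for the boto3 cloudtrail-data client's put_audit_events(channelArn=..., auditEvents=..., externalId=...) call, whose response carries successful and failed lists. FlakyChannel is a constructed stand-in for the service so the block runs offline.

```python
"""Map, batch, and deliver partner activity events to CloudTrail Lake (added example)."""
import base64
import hashlib
import json
from typing import Callable, Dict, List

# Quotas from "Best practices and quotas": 100 events per call, 256 KB per event,
# total payload per call under 1 MB.
MAX_EVENTS_PER_CALL = 100
MAX_EVENT_BYTES = 256 * 1024
MAX_BATCH_BYTES = 1024 * 1024

# Required eventData fields. ASSUMPTION: recalled from the integration schema;
# verify against the schema you receive from your APN team.
REQUIRED_FIELDS = ("version", "userIdentity", "eventSource", "eventName",
                   "eventTime", "UID", "recipientAccountId")

# Hypothetical partner-side records, constructed for this example.
SAMPLE_RECORDS = [
    {"id": "evt-1001", "actor_type": "User", "actor_id": "alice",
     "action": "UpdateWebhook", "time": "2024-05-01T12:00:00Z", "ip": "203.0.113.10"},
    {"id": "evt-1002", "actor_type": "ApiKey", "actor_id": "key-77",
     "action": "DeleteProject", "time": "2024-05-01T12:00:05Z", "ip": "198.51.100.7"},
]


def to_audit_event(raw: dict, recipient_account_id: str) -> Dict[str, str]:
    """Map one partner record to an auditEvents entry, enforcing required fields and size."""
    event = {
        "version": "1.0",
        "userIdentity": {"type": raw["actor_type"], "principalId": raw["actor_id"]},
        "eventSource": "example-partner.example.com",  # hypothetical source name
        "eventName": raw["action"],
        "eventTime": raw["time"],
        "UID": raw["id"],
        "sourceIPAddress": raw.get("ip", ""),
        "recipientAccountId": recipient_account_id,
        # Data with no schema mapping (here the whole raw record) goes in additionalEventData.
        "additionalEventData": {"raw": raw},
    }
    missing = [f for f in REQUIRED_FIELDS if not event.get(f)]
    if missing:
        raise ValueError(f"record {raw.get('id')} lacks required fields {missing}")
    data = json.dumps(event, separators=(",", ":"))
    if len(data.encode()) > MAX_EVENT_BYTES:
        raise ValueError(f"record {raw['id']} exceeds {MAX_EVENT_BYTES} bytes")
    # eventDataChecksum is base64 of the raw SHA-256 digest of eventData, so the
    # service can check that the event it stores is the one the partner sent.
    digest = hashlib.sha256(data.encode()).digest()
    return {"id": raw["id"], "eventData": data,
            "eventDataChecksum": base64.b64encode(digest).decode()}


def make_batches(events: List[Dict[str, str]]) -> List[List[Dict[str, str]]]:
    """Split events into batches that respect the per-call count and size quotas."""
    batches, current, current_bytes = [], [], 0
    for ev in events:
        size = len(ev["eventData"].encode())
        if current and (len(current) == MAX_EVENTS_PER_CALL
                        or current_bytes + size >= MAX_BATCH_BYTES):
            batches.append(current)
            current, current_bytes = [], 0
        current.append(ev)
        current_bytes += size
    if current:
        batches.append(current)
    return batches


# Transport: (channel_arn, audit_events, external_id) -> PutAuditEvents response dict.
Transport = Callable[[str, List[Dict[str, str]], str], dict]


def deliver(put_audit_events: Transport, channel_arn: str, external_id: str,
            events: List[Dict[str, str]], max_attempts: int = 3) -> dict:
    """Send all batches, then resend only the events the response reports as failed."""
    delivered: Dict[str, str] = {}
    failed: Dict[str, str] = {}
    pending = list(events)
    attempts = 0
    while pending and attempts < max_attempts:
        attempts += 1
        failed = {}
        for batch in make_batches(pending):
            resp = put_audit_events(channel_arn, batch, external_id)
            for ok in resp.get("successful", []):
                delivered[ok["id"]] = ok["eventID"]
            for bad in resp.get("failed", []):
                failed[bad["id"]] = bad.get("errorCode", "Unknown")
        pending = [ev for ev in pending if ev["id"] in failed]  # never resend successes
    return {"delivered": delivered, "failed": failed, "attempts": attempts}


class FlakyChannel:
    """Constructed stand-in for the service: rejects one event on the first call only."""
    def __init__(self, reject_id: str):
        self.reject_id, self.calls = reject_id, 0

    def __call__(self, channel_arn, audit_events, external_id):
        self.calls += 1
        if not external_id:  # mimics a channel policy that requires the external ID
            raise PermissionError("AccessDenied: channel policy requires externalId")
        ok, bad = [], []
        for ev in audit_events:
            if self.calls == 1 and ev["id"] == self.reject_id:
                bad.append({"id": ev["id"], "errorCode": "InternalFailure",
                            "errorMessage": "transient"})
            else:
                ok.append({"id": ev["id"], "eventID": f"svc-{ev['id']}"})
        return {"successful": ok, "failed": bad}


def run_example() -> dict:
    events = [to_audit_event(r, "123456789012") for r in SAMPLE_RECORDS]
    channel = FlakyChannel(reject_id="evt-1002")
    return deliver(channel, "arn:aws:cloudtrail:us-east-1:123456789012:channel/EXAMPLE",
                   "partner-ext-id-example", events)


if __name__ == "__main__":
    print(json.dumps(run_example(), indent=2))
```

To use the real service, pass a transport such as `lambda arn, evs, ext: boto3.client("cloudtrail-data").put_audit_events(channelArn=arn, auditEvents=evs, externalId=ext)` to `deliver`. Two points matter operationally: the retry loop resends only the ids listed in `failed`, because resending the whole batch after a partial failure would duplicate the events that were already accepted; and the external ID is passed on every call, since a channel whose resource policy requires it will reject calls that omit it.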