Update an event data store with the console

To update an event data store

1. Sign in to the Amazon Web Services Management Console and open the CloudTrail console at https://console.amazonaws.cn/cloudtrail/.

2. In the navigation pane, under Lake, choose Event data stores.

3. Choose the event data store that you want to update. This action opens the event data store's details page.

4. In General details, choose Edit to change the following settings:

   • Event data store name - Change the name that identifies your event data store.

   • Pricing option- For event data stores using the Seven-year retention pricing option, you can choose to use One-year extendable retention pricing instead. We recommend one-year extendable retention pricing for event data stores that ingest less than 25 TB of event data on a monthly basis. We also recommend one-year extendable retention pricing if you're seeking a flexible retention period of up to 10 years. For more information, see Amazon CloudTrail Pricing and Managing CloudTrail Lake costs.

     Note

     You can't change the pricing option for event data stores that use One-year extendable retention pricing. If you want to use Seven-year retention pricing, stop ingestion on your current event data store. Then create a new event data store with the Seven-year retention pricing option.

   • Retention period - Change the retention period for the event data store. The retention period determines how long event data is kept in the event data store. Retention periods can be between 7 days and 3,653 days (about 10 years) for the One-year extendable retention pricing option, or between 7 days and 2,557 days (about seven years) for the Seven-year retention pricing option.

     Note

     If you decrease the retention period of an event data store, CloudTrail will remove any events with an eventTime older than the new retention period. For example, if the previous retention period was 365 days and you decrease it to 100 days, CloudTrail will remove events with an eventTime older than 100 days.

   • Encryption - To encrypt your event data store using your own KMS key, choose Use my own Amazon KMS key. By default, all events in an event data store are encrypted by CloudTrail. Using your own KMS key incurs Amazon KMS costs for encryption and decryption.

     Note

     After you associate an event data store with a KMS key, the KMS key can't be removed or changed.

   • To include only events that are logged in the current Amazon Web Services Region, choose Include on the current region in my event data store. If you don't choose this option, your event data store includes events from all Regions.

   • To have your event data store collect events from all accounts in an Amazon Organizations organization, choose Enable for all accounts in my organization. This option is only available if you're signed in with the management account for your organization, and the Event type for the event data store is CloudTrail events or Configuration items.

   Choose Save changes when you're finished.

5. In Lake query federation, choose Edit to enable or disable Lake query federation. Enabling Lake query federation lets you view the metadata for your event data store in the Amazon Glue Data Catalog and run SQL queries on the event data using Amazon Athena. Disabling Lake query federation disables the integration with Amazon Glue, Amazon Lake Formation, and Amazon Athena. After disabling Lake query federation, you can no longer query your data in Athena. No CloudTrail Lake data is deleted when you disable federation and you can continue to run queries in CloudTrail Lake.

   To enable federation, do the following:

   1. Choose Enable.

   2. Choose whether to create a new IAM role, or use an existing role. When you create a new role, CloudTrail automatically creates a role with the required permissions. If you're using an existing role, be sure the role's policy provides the required minimum permissions.

   3. If you're creating a new IAM role, enter a name for the role.

   4. If you're choosing an existing IAM role, choose the role you want to use. The role must exist in your account.

   Choose Save changes when you are finished.

6. Edit any additional settings for your Event type.

   Event type	Editable settings
   CloudTrail events	You can edit the following settings for CloudTrail events: To change which events your event data store logs, choose Edit in CloudTrail events. In Management events, choose Edit to change the settings for management events. For more information, see Logging management events with the Amazon Web Services Management Console (step 3). In Data events, choose Edit to change the settings for data events. You can choose which data event types you want to log and choose the log selector template you want to use. For more information, see Updating an existing event data store to log data events in the Amazon Web Services Management Console. Choose Save changes when you're finished.
   Events from integration	In Integrations, choose your integration. Then choose Edit to change the following settings: In Integration details, change the name that identifies your integration's channel. In Event delivery location, choose the destination for your events. In Resource policy, configure the resource policy for the integration's channel. Choose Save changes when you're finished. For more information about these settings, see Create an integration with an event source outside of Amazon.

7. To add, change, or remove tags, choose Edit in Tags. You can add up to 50 tag key pairs to help you identify, sort, and control access to your event data store. Choose Save changes when you're finished.