Tutorials for CloudTrail Lake - Amazon CloudTrail

While you can search events in Event history, you're limited to a single Amazon Web Services account, can only return events from a single Amazon Web Services Region, and cannot query multiple attributes. In contrast, by creating a CloudTrail Lake event data store you can run complex SQL queries across multiple event fields, and you can also query events across multiple Amazon Web Services Regions and Amazon Web Services accounts. You can keep the event data in an event data store for up to 3,653 days (about 10 years) if you choose the One-year extendable retention pricing option, or up to 2,557 days (about 7 years) if you choose the Seven-year retention pricing option. You can create an event data store to collect CloudTrail management and data events, Amazon Config configuration items, Amazon Audit Manager evidence, or non-Amazon events. You can create event data stores using the console, the Amazon CLI, or the CloudTrail API.

CloudTrail Lake event data stores and queries incur charges. When you create an event data store, you choose the pricing option you want to use for the event data store. The pricing option determines the cost for ingesting and storing events, and the default and maximum retention period for the event data store. When you run queries in Lake, you pay based upon the amount of data scanned. For information about CloudTrail pricing and managing Lake costs, see Amazon CloudTrail Pricing and Managing CloudTrail Lake costs.

The following tutorials show you how to perform common CloudTrail Lake tasks in the console. For more information about CloudTrail Lake, see Working with Amazon CloudTrail Lake.