How to load data from AWS CloudTrail to Databricks Lakehouse

Learn how to use Airbyte to synchronize your AWS CloudTrail data into Databricks Lakehouse within minutes.

Try Airbyte CloudManual method (the hard way)

Building your pipeline or Using Airbyte

Airbyte is the only open source solution empowering data teams  to meet all their growing custom business demands in the new AI era.

Building in-house pipelines

Bespoke pipelines are:
  • Inconsistent and inaccurate data
  • Laborious and expensive
  • Brittle and inflexible
Furthermore, you will need to build and maintain Y x Z pipelines with Y sources and Z destinations to cover all your needs.

After Airbyte

Airbyte connections are:
  • Reliable and accurate
  • Extensible and scalable for all your needs
  • Deployed and governed your way
All your pipelines in minutes, however custom they are, thanks to Airbyte’s connector marketplace and AI Connector Builder.

Start syncing with Airbyte in 3 easy steps within 10 minutes

Set up a AWS CloudTrail connector in Airbyte

Connect to or one of 400+ pre-built or 10,000+ custom connectors through simple account authentication.

Set up Databricks Lakehouse for your extracted AWS CloudTrail data

Select where you want to import data from your source to. You can also choose other cloud data warehouses, databases, data lakes, vector databases, or any other supported Airbyte destinations.

Configure the AWS CloudTrail to Databricks Lakehouse in Airbyte

This includes selecting the data you want to extract - streams and columns -, the sync frequency, where in the destination you want that data to be loaded.
Try Airbyte CloudManual method (the hard way)

Take a virtual tour

Check out our interactive demo and our how-to videos to learn how you can sync data from any source to any destination.

Demo video of Airbyte Cloud

Demo video of AI Connector Builder

Talk to our team

Setup Complexities simplified!

You don’t need to put hours into figuring out how to use Airbyte to achieve your Data Engineering goals.

Simple & Easy to use Interface

Airbyte is built to get out of your way. Our clean, modern interface walks you through setup, so you can go from zero to sync in minutes—without deep technical expertise.

Guided Tour: Assisting you in building connections

Whether you’re setting up your first connection or managing complex syncs, Airbyte’s UI and documentation help you move with confidence. No guesswork. Just clarity.

Airbyte AI Assistant that will act as your sidekick in building your data pipelines in Minutes

Airbyte’s built-in assistant helps you choose sources, set destinations, and configure syncs quickly. It’s like having a data engineer on call—without the overhead.

Try Airbyte CloudManual method (the hard way)

What sets Airbyte Apart

Modern GenAI Workflows

Streamline AI workflows with Airbyte: load unstructured data into vector stores like Pinecone, Weaviate, and Milvus. Supports RAG transformations with LangChain chunking and embeddings from OpenAI, Cohere, etc., all in one operation.

Move Large Volumes, Fast

Quickly get up and running with a 5-minute setup that enables both incremental and full refreshes for databases of any size, seamlessly scaling to handle large data volumes. Our optimized architecture overcomes performance bottlenecks, ensuring efficient data synchronization even as your datasets grow from gigabytes to petabytes.

An Extensible Open-Source Standard

More than 1,000 developers contribute to Airbyte’s connectors, different interfaces (UI, API, Terraform Provider, Python Library), and integrations with the rest of the stack. Airbyte’s AI Connector Builder lets you edit or add new connectors in minutes.

Full Control & Security

Airbyte secures your data with cloud-hosted, self-hosted or hybrid deployment options. Single Sign-On (SSO) and Role-Based Access Control (RBAC) ensure only authorized users have access with the right permissions. Airbyte acts as a HIPAA conduit and supports compliance with CCPA, GDPR, and SOC2.

Fully Featured & Integrated

Airbyte automates schema evolution for seamless data flow, and utilizes efficient Change Data Capture (CDC) for real-time updates. Select only the columns you need, and leverage our dbt integration for powerful data transformations.

Enterprise Support with SLAs

Airbyte Self-Managed Enterprise comes with dedicated support and guaranteed service level agreements (SLAs), ensuring that your data movement infrastructure remains reliable and performant, and expert assistance is available when needed.

What our users say

Raman Singh

Tech Lead at Symend

Predictable, straightforward pricing model that simplified budgeting and significantly reduced overall spend

Learn more
Chase Zieman headshot

Chase Zieman

Chief Data Officer

“Airbyte helped us accelerate our progress by years, compared to our competitors. We don’t need to worry about connectors and focus on creating value for our users instead of building infrastructure. That’s priceless. The time and energy saved allows us to disrupt and grow faster.”

Learn more

Rupak Patel

Operational Intelligence Manager

"With Airbyte, we could just push a few buttons, allow API access, and bring all the data into Google BigQuery. By blending all the different marketing data sources, we can gain valuable insights."

Learn more

How to Sync to Manually

Step 1: Setup AWS S3 Bucket for CloudTrail Logs

Begin by configuring AWS CloudTrail to deliver its logs to an Amazon S3 bucket. Ensure that the bucket is accessible and set up the necessary permissions. You can do this by creating a new bucket or using an existing one and configuring CloudTrail to deliver its logs to this bucket.

Step 2: Configure IAM Roles and Policies

Create an IAM role with read access to the S3 bucket where CloudTrail logs are stored. This role will be used by your Databricks environment to access the logs. Ensure the policy attached to the role grants `s3:GetObject` permission for the specific bucket and key prefix used by CloudTrail logs.

Step 3: Set Up Databricks Environment

Log into your Databricks workspace and navigate to the Data section. If necessary, configure the cluster with appropriate libraries or environments that can handle AWS SDKs for Python or other languages, as you'll need to script access to S3.

Step 4: Mount the S3 Bucket in Databricks

Use the Databricks file system (DBFS) to mount the S3 bucket where the CloudTrail logs are stored. You can do this by using the `dbutils.fs.mount` command along with the IAM role created in Step 2. This will allow you to read the S3 bucket as if it were part of the local file system.

Step 5: Ingest CloudTrail Logs into Databricks

Use Spark to read the logs into Databricks. CloudTrail logs are stored in JSON format, so you can use the `spark.read.json` function to load the logs into a Spark DataFrame. Specify the path to the mounted S3 location containing the JSON logs.

Step 6: Transform and Process Data

Once the logs are loaded into a DataFrame, use Spark SQL or DataFrame operations to clean, transform, and process the data as needed. This might include filtering for specific events, aggregating data, or reformatting fields to better suit your analytical needs.

Step 7: Write Data to Databricks Lakehouse

Finally, save the processed DataFrame to Databricks Lakehouse. Use the `write` method to save the data in Delta Lake format, which is optimized for performance and reliability. Specify the database and table where you want to store the transformed CloudTrail data.

By following these steps, you can efficiently move and process CloudTrail logs from AWS to the Databricks Lakehouse without relying on any third-party connectors.