How to load data from AWS CloudTrail to DynamoDB

Learn how to use Airbyte to synchronize your AWS CloudTrail data into DynamoDB within minutes.

Try Airbyte CloudManual method (the hard way)

Building your pipeline or Using Airbyte

Airbyte is the only open source solution empowering data teams  to meet all their growing custom business demands in the new AI era.

Building in-house pipelines

Bespoke pipelines are:
  • Inconsistent and inaccurate data
  • Laborious and expensive
  • Brittle and inflexible
Furthermore, you will need to build and maintain Y x Z pipelines with Y sources and Z destinations to cover all your needs.

After Airbyte

Airbyte connections are:
  • Reliable and accurate
  • Extensible and scalable for all your needs
  • Deployed and governed your way
All your pipelines in minutes, however custom they are, thanks to Airbyte’s connector marketplace and AI Connector Builder.

Start syncing with Airbyte in 3 easy steps within 10 minutes

Set up a AWS CloudTrail connector in Airbyte

Connect to or one of 400+ pre-built or 10,000+ custom connectors through simple account authentication.

Set up DynamoDB for your extracted AWS CloudTrail data

Select where you want to import data from your source to. You can also choose other cloud data warehouses, databases, data lakes, vector databases, or any other supported Airbyte destinations.

Configure the AWS CloudTrail to DynamoDB in Airbyte

This includes selecting the data you want to extract - streams and columns -, the sync frequency, where in the destination you want that data to be loaded.
Try Airbyte CloudManual method (the hard way)

Take a virtual tour

Check out our interactive demo and our how-to videos to learn how you can sync data from any source to any destination.

Demo video of Airbyte Cloud

Demo video of AI Connector Builder

Talk to our team

Setup Complexities simplified!

You don’t need to put hours into figuring out how to use Airbyte to achieve your Data Engineering goals.

Simple & Easy to use Interface

Airbyte is built to get out of your way. Our clean, modern interface walks you through setup, so you can go from zero to sync in minutes—without deep technical expertise.

Guided Tour: Assisting you in building connections

Whether you’re setting up your first connection or managing complex syncs, Airbyte’s UI and documentation help you move with confidence. No guesswork. Just clarity.

Airbyte AI Assistant that will act as your sidekick in building your data pipelines in Minutes

Airbyte’s built-in assistant helps you choose sources, set destinations, and configure syncs quickly. It’s like having a data engineer on call—without the overhead.

Try Airbyte CloudManual method (the hard way)

What sets Airbyte Apart

Modern GenAI Workflows

Streamline AI workflows with Airbyte: load unstructured data into vector stores like Pinecone, Weaviate, and Milvus. Supports RAG transformations with LangChain chunking and embeddings from OpenAI, Cohere, etc., all in one operation.

Move Large Volumes, Fast

Quickly get up and running with a 5-minute setup that enables both incremental and full refreshes for databases of any size, seamlessly scaling to handle large data volumes. Our optimized architecture overcomes performance bottlenecks, ensuring efficient data synchronization even as your datasets grow from gigabytes to petabytes.

An Extensible Open-Source Standard

More than 1,000 developers contribute to Airbyte’s connectors, different interfaces (UI, API, Terraform Provider, Python Library), and integrations with the rest of the stack. Airbyte’s AI Connector Builder lets you edit or add new connectors in minutes.

Full Control & Security

Airbyte secures your data with cloud-hosted, self-hosted or hybrid deployment options. Single Sign-On (SSO) and Role-Based Access Control (RBAC) ensure only authorized users have access with the right permissions. Airbyte acts as a HIPAA conduit and supports compliance with CCPA, GDPR, and SOC2.

Fully Featured & Integrated

Airbyte automates schema evolution for seamless data flow, and utilizes efficient Change Data Capture (CDC) for real-time updates. Select only the columns you need, and leverage our dbt integration for powerful data transformations.

Enterprise Support with SLAs

Airbyte Self-Managed Enterprise comes with dedicated support and guaranteed service level agreements (SLAs), ensuring that your data movement infrastructure remains reliable and performant, and expert assistance is available when needed.

What our users say

Raman Singh

Tech Lead at Symend

Predictable, straightforward pricing model that simplified budgeting and significantly reduced overall spend

Learn more
Chase Zieman headshot

Chase Zieman

Chief Data Officer

“Airbyte helped us accelerate our progress by years, compared to our competitors. We don’t need to worry about connectors and focus on creating value for our users instead of building infrastructure. That’s priceless. The time and energy saved allows us to disrupt and grow faster.”

Learn more

Rupak Patel

Operational Intelligence Manager

"With Airbyte, we could just push a few buttons, allow API access, and bring all the data into Google BigQuery. By blending all the different marketing data sources, we can gain valuable insights."

Learn more

How to Sync to Manually

Step 1: Set Up CloudTrail Logging to S3

1. Sign in to the AWS Management Console.
2. Navigate to the CloudTrail service.
3. Click on "Create trail."
4. Enter a name for your trail.
5. Set "Apply trail to all regions" to Yes if you want to collect logs from all regions.
6. Under "Management events," choose "Read/Write events" to log all or select specific events.
7. In the "Data events" section, you can choose to log data events for S3 or Lambda.
8. For "Storage location," create or select an existing S3 bucket to store your logs.
9. Click "Create."

Step 2: Create an IAM Role for Lambda

1. Navigate to the IAM service in the AWS Management Console.
2. Go to "Roles" and click "Create role."
3. Choose "Lambda" as the use case and click "Next: Permissions."
4. Attach the following policies: `AmazonS3ReadOnlyAccess`, `AmazonDynamoDBFullAccess`, and `CloudWatchLogsFullAccess` (or more restrictive policies if you prefer).
5. Review, name the role, and create it.

Step 3: Create a DynamoDB Table

1. Go to the DynamoDB service in the AWS Management Console.
2. Click "Create table."
3. Enter a table name and primary key details (e.g., "EventID" as the primary key).
4. Configure table settings according to your requirements.
5. Click "Create."

Step 4: Create a Lambda Function

1. Navigate to the Lambda service in the AWS Management Console.
2. Click "Create function."
3. Choose "Author from scratch."
4. Enter a function name.
5. Choose the runtime as Python, Node.js, or any other supported runtime.
6. Under "Permissions," choose "Use an existing role" and select the role created in Step 2.
7. Click "Create function."

Step 5: Write the Lambda Function Code

In the Lambda function editor, write the code to:
- Read the CloudTrail log file from the S3 bucket.
- Parse the log data.
- Write the relevant data to the DynamoDB table.

Here's a Python example to get you started:


import boto3
import json

s3_client = boto3.client('s3')
dynamodb = boto3.resource('dynamodb')

def lambda_handler(event, context):
# Get the S3 object from the event
bucket_name = event['Records'][0]['s3']['bucket']['name']
object_key = event['Records'][0]['s3']['object']['key']

# Get the log file from S3
log_file = s3_client.get_object(Bucket=bucket_name, Key=object_key)
log_data = json.loads(log_file['Body'].read())

# Process log data and write to DynamoDB
table = dynamodb.Table('YourDynamoDBTableName')

for record in log_data['Records']:
# You can add logic here to filter or modify the records as needed
table.put_item(Item=record)

return 'Success'

Step 6: Set Up Lambda Trigger

1. In the Lambda function dashboard, click on "Add trigger."
2. Select "S3" from the trigger configuration services.
3. Choose the S3 bucket where CloudTrail logs are stored.
4. Set the event type to "PUT" or "Object Created (All)."
5. Click "Add."

Step 7: Test the Setup

1. Generate some events that CloudTrail will log (e.g., create an S3 bucket, start an EC2 instance).
2. CloudTrail writes logs to the S3 bucket.
3. The Lambda function triggers upon log file creation.
4. Check the DynamoDB table for the new entries.

Step 8: Monitor and Debug

1. Monitor the Lambda function executions in the AWS Lambda console.
2. Check the CloudWatch Logs for any error messages.
3. Adjust the Lambda function code and permissions as needed based on the logs.

Step 9: Optimize and Secure

1. Fine-tune the IAM policies to follow the principle of least privilege.
2. Optimize the Lambda function for performance and cost.
3. Set up alarms and notifications for any operational issues.